최신Google Cloud Certified - Professional Security Operations Engineer (PSOE) - Security-Operations-Engineer무료샘플문제
Your organization is a Google Security Operations (SecOps) customer and monitors critical assets using a SIEM dashboard. You need to dynamically monitor the assets based on a specific asset tag. What should you do?
You are writing a Google Security Operations (SecOps) SOAR playbook that uses the VirusTotal v3 integration to look up a URL that was reported by a threat hunter in an email. You need to use the results to make a preliminary recommendation on the maliciousness of the URL and set the severity of the alert based on the output. What should you do? (Choose two.)
A workload is created and terminated within five minutes and later linked to cryptomining activity.
What MOST complicates the investigation?
Your team hunts for threats in a large multinational corporation. You have subscriptions to threat intelligence feeds from third-party sources. You want to implement a solution to continuously compare DNS calls on endpoints to your threat intelligence feeds. What should you do?
You have been tasked with creating a YARA-L detection rule in Google Security Operations (SecOps). The rule should identify when an internal host initiates a network connection to an external IP address that the Applied Threat Intelligence Fusion Feed associates with indicators attributed to a specific Advanced Persistent Threat 41 (APT41) threat group. You need to ensure that the external IP address is flagged if it has a documented relationship to other APT41 indicators within the Fusion Feed. How should you configure this YARA-L rule?
You are a security analyst at a company that uses Google Security Operations (SecOps) Enterprise. Security Command Center Enterprise (SCCE), and Google Threat Intelligence (GTI).
You need to leverage threat intelligence to improve threat hunting capabilities to proactively identify novel and emerging attack patterns targeting your Google Cloud environment in near real-time. What should you do?
You are implementing Google Security Operations (SecOps) with multiple log sources. You want to closely monitor the health of the ingestion pipeline's forwarders and collection agents, and detect silent sources within five minutes. What should you do?
Your company uses Cloud Identity to manage employee identities and has Google Security Operations (SecOps) linked to your Google Cloud project. You have assigned the roles/chronicle.viewer IAM role at the project level to a specific Google Group that contains users with external Google accounts. Users in this external group authenticate successfully to Google Cloud, but are unable to access Google SecOps. Internal users granted the same role can access Google SecOps. What Google Cloud configuration is most likely preventing the external users from accessing Google SecOps?
You are a security analyst at an organization that uses Google Security Operations (SecOps).
You have identified a new IP address that is known to be used by a malicious threat actor to launch network attacks. You need to search for this IP address in Google SecOps using all normalized logs to determine whether any malicious activity has occurred. You want to use the most effective approach. What should you do?