Your organization is a Google Security Operations (SecOps) customer and monitors critical assets using a SIEM dashboard. You need to dynamically monitor the assets based on a specific asset tag. What should you do?
Answer(s): B
In Google SecOps, you can add a custom filter directly to the SIEM dashboard to dynamically monitor assets based on a specific asset tag. This approach is straightforward, requires no external intervention, and ensures that the dashboard updates automatically as assets with the tag change over time.
A business unit in your organization plans to use Vertex AI to develop models within Google Cloud. The security team needs to implement detective and preventative guardrails to ensure that the environment meets internal security control requirements. How should you secure this environment?
Answer(s): D
The correct approach is to create a posture in SCC that combines predefined and custom organization policies with predefined and custom Security Health Analytics (SHA) modules, and then scope it to the business unit folder. This ensures both preventative guardrails (organization policies) and detective guardrails (SHA findings) are enforced for the Vertex AI environment, aligning with internal security control requirements.
You are implementing Google Security Operations (SecOps) with multiple log sources. You want to closely monitor the health of the ingestion pipeline's forwarders and collection agents, and detect silent sources within five minutes. What should you do?
Answer(s): A
The best solution is to create a Cloud Monitoring notification with a metric-absence condition for each collector_id. A metric-absence alert triggers when expected ingestion metrics are missing within a defined period (e.g., five minutes), which quickly identifies silent sources or failed collectors. This provides near real- time detection of ingestion health issues in the SecOps pipeline.
A Google Security Operations (SecOps) detection rule is generating frequent false positive alerts. The rule was designed to detect suspicious Cloud Storage enumeration by triggering an alert whenever the storage.objects.list API operation is called using the api.operation UDM field. However, a legitimate backup automation tool that uses the same API, causing the rule to fire unnecessarily. You need to reduce these false positives from this trusted backup tool while still detecting potentially malicious usage. How should you modify the rule to improve its accuracy?
The most accurate way to reduce false positives is to exclude the known trusted backup automation account by adding a condition such as principal.user.email != "backup-bot@foobaa.com". This keeps the rule active for all other accounts, ensuring you still detect suspicious or malicious Cloud Storage enumeration while preventing unnecessary alerts from legitimate automation.
Your company uses Google Security Operations (SecOps) Enterprise and is ingesting various logs. You need to proactively identify potentially compromised user accounts. Specifically, you need to detect when a user account downloads an unusually large volume of data compared to the user's established baseline activity. You want to detect this anomalous data access behavior using the least amount of effort. What should you do?
The most effective and least effort solution is to enable curated UEBA (User and Endpoint Behavioral Analytics) detection rules in Google SecOps and use the Risk Analytics dashboard. UEBA automatically establishes user baselines and detects anomalies such as unusually large data downloads, removing the need to manually define thresholds or build custom rules.
Your organization uses Security Command Center (SCC) and relies on Compute Engine instances to run business-critical workloads. SCC has flagged a particular instance for exhibiting a high volume of outbound network connections to geographically diverse and unknown IP addresses. You need to determine whether the instance has been compromised by malware. What should you do?
The correct action is to analyze Event Threat Detection (ETD) findings in SCC, which provide detailed insights into suspicious activities such as unusual outbound network connections. Reviewing these findings allows you to correlate the flagged activity with the instance's outbound traffic patterns, helping determine whether the instance is compromised by malware.
Your company wants to enhance its detection capabilities to prevent insider threat incidents. You need to be alerted when a privileged Google Group is modified to allow access to the general public. You need to identify and enable the optimal log source, and configure the alert. What should you do?
To detect insider threats involving Google Group privilege modifications, you need Google Workspace Admin Audit logs, which capture group membership and sharing changes. By enabling data sharing of these logs with SCC and ensuring Event Threat Detection (ETD) is enabled, SCC will automatically generate findings for risky modifications, such as making a privileged group publicly accessible. This provides the optimal log source and automated alerting with minimal effort.
You are using Google Security Operations (SecOps) to investigate suspicious activity linked to a specific user. You want to identify all assets the user has interacted with over the past seven days to assess potential impact. Your need to understand the user's relationships to endpoints, service accounts, and cloud resources. How should you identify user-to-asset relationships in Google SecOps?
The correct approach is to query UDM Search for hostnames (or other asset identifiers) and filter results by the specific user. UDM normalizes logs into a common schema, allowing you to trace the user's interactions across endpoints, service accounts, and cloud resources within the seven-day window. This provides a comprehensive view of user-to-asset relationships for impact assessment.
Share your comments for Google Security-Operations-Engineer exam with other users:
helpful questions
thanks for question
the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
i need exam questions nca 6.5 any help please ?
just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
very helpful
i need this exam
nice questions... are these questions the same of the exam?
need to view
highly appreciate for your sharing.
kindly share this dump. thank you
link plz for download
data quality oecd
rman is one good recovery technology
need it thx
good questions
good one nice revision
i love this thank you i need
question # 142: data governance is not one of the deliverables in the document and content management context diagram.
most answers not correct here
what % of questions do we get in the real exam?
i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
all the best
very usefull document
nice and helpful questions
i found the questions helpful
q 105 . ans is d
i have interest to get a sybase iq dba certification
want to pass exm.
are the answers correct?
good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.
very nice question
i have learning disability and this exam dumps allowed me to focus on the actual questions and not worry about notes and the those other study materials.
165 should be apt
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your Security-Operations-Engineer, please sign in or create a free account.