Free Google Professional-Security-Operations-Engineer Exam Questions

Question 1

You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immediate notification when no logs have been ingested for over 30 minutes. You want to use the most efficient notification solution. What should you do?

A : Configure the Windows server to send an email notification if there is an error in the Bindplane process.

B : Create a new YARA-L rule in Google SecOps SIEM to detect the absence of logs from the server within a 30-minute window.

C : Configure a Bindplane agent to send a heartbeat signal to Google SecOps every 15 minutes, and create an alert if two heartbeats are missed.

D : Create a new alert policy in Cloud Monitoring that triggers a notification based on the absence of logs from the server's hostname.

Answer: D

Question 2

You are a security operations engineer in an enterprise that uses Google Security Operations (SecOps). Youneed to improve your detection coverage and reduce the false positive detection ratio as quickly as possible.What should you do?

A : Enable curated detections to identify threats.

B : Ingest data from your threat intelligence platform (TIP) into Google SecOps.

C : Develop YARA-L detection rules that focus on threat intelligence.

D : Design YARA-L detection rules based on Google SecOps Marketplace use cases.

Answer: A

Question 3

You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immediate notification when no logs have been ingested for over 30 minutes. You want to use the most efficient notification solution. What should you do?

A : Configure the Windows server to send an email notification if there is an error in the Bindplane process.

B : Create a new YARA-L rule in Google SecOps SIEM to detect the absence of logs from the server within a 30-minute window.

C : Configure a Bindplane agent to send a heartbeat signal to Google SecOps every 15 minutes, and create an alert if two heartbeats are missed.

D : Create a new alert policy in Cloud Monitoring that triggers a notification based on the absence of logs from the server's hostname.

Answer: D

Question 4

You are part of a cybersecurity team at a large multinational corporation that uses Google Security Operations (SecOps). You have been tasked with identifying unknown command and control nodes (C2s) that are potentially active in your organization's environment. You need to generate a list of potential matches for the unknown C2s within the next 24 hours. What should you do?

A : Review Security Health Analytics (SHA) findings in Security Command Center (SCC).

B : Load network records into BigQuery to identify endpoints that are communicating with domains outside three standard deviations of normal.

C : Write a YARA-L rule in Google SecOps that scans historic network outbound connections against ingested threat intelligence. Run the rule in a retrohunt against the full tenant.

D : Write a YARA-L rule in Google SecOps that compares network traffic from endpoints to recent WHOIS registrations. Run the rule in a retrohunt against the full tenant.

Answer: D

Question 5

Your Google Security Operations (SecOps) case queue contains a case with IP address entities. You need to determine whether the entities are internal or external assets and ensure that internal IP address entities are marked accordingly upon ingestion into Google SecOps SOAR. What should you do?

A : Configure a feed to ingest enrichment data about the networks, and include these fields into your detection outcome.

B : Modify the connector logic to perform a secondary lookup against your CMDB and flag incoming entities as internal or external.

C : Indicate your organization's known internal CIDR ranges in the Environment Networks list in the settings.

D : Create a custom action to ping the IP address entity from your Remote Agent. If successful, the custom action designates the IP address entity as internal.

Answer: C