Free Google Professional-Security-Operations-Engineer Exam Questions

Question 1

Your organization's Google Security Operations (SecOps) tenant is ingesting a vendor's firewall logs in its default JSON format using the Google-provided parser for that log. The vendor recently released a patch that introduces a new field and renames an existing field in the logs. The parser does not recognize these two fields and they remain available only in the raw logs, while the rest of the log is parsed normally. You need to resolve this logging issue as soon as possible while minimizing the overall change management impact. What should you do?

A : Use the web interface-based custom parser feature in Google SecOps to copy the parser, and modify it to map both fields to UDM.

B : Use the Extract Additional Fields tool in Google SecOps to convert the raw log entries to additional fields.

C : Deploy a third-party data pipeline management tool to ingest the logs, and transform the updated fields into fields supported by the default parser.

D : Write a code snippet, and deploy it in a parser extension to map both fields to UDM.

Answer: D

Question 2

Your Google Security Operations (SecOps) case queue contains a case with IP address entities. You need to determine whether the entities are internal or external assets and ensure that internal IP address entities are marked accordingly upon ingestion into Google SecOps SOAR. What should you do?

A : Configure a feed to ingest enrichment data about the networks, and include these fields into your detection outcome.

B : Modify the connector logic to perform a secondary lookup against your CMDB and flag incoming entities as internal or external.

C : Indicate your organization's known internal CIDR ranges in the Environment Networks list in the settings.

D : Create a custom action to ping the IP address entity from your Remote Agent. If successful, the custom action designates the IP address entity as internal.

Answer: C

Question 3

Your organization's Google Security Operations (SecOps) tenant is ingesting a vendor's firewall logs in its default JSON format using the Google-provided parser for that log. The vendor recently released a patch that introduces a new field and renames an existing field in the logs. The parser does not recognize these two fields and they remain available only in the raw logs, while the rest of the log is parsed normally. You need to resolve this logging issue as soon as possible while minimizing the overall change management impact. What should you do?

A : Use the web interface-based custom parser feature in Google SecOps to copy the parser, and modify it to map both fields to UDM.

B : Use the Extract Additional Fields tool in Google SecOps to convert the raw log entries to additional fields.

C : Deploy a third-party data pipeline management tool to ingest the logs, and transform the updated fields into fields supported by the default parser.

D : Write a code snippet, and deploy it in a parser extension to map both fields to UDM.

Answer: D

Question 4

You are managing the integration of Security Command Center (SCC) with downstream tooling. You need topull security findings from SCC and import those findings as part of Google Security Operations (SecOps)SOAR actions. You need to configure the connection between SCC and Google SecOps.

A : Install the Google Rapid Response integration from the Google SecOps Marketplace. Gatherinformation about the findings from the appropriate server.

B : Install the SCC integration from the Google SecOps Marketplace. Grant the SCC API the appropriateIAM roles to integrate with the Google SecOps instance. Configure this integration using a generatedAPI key scoped to the SCC API.

C : Create a Pub/Sub topic with a NotificationConfig object and a push subscription for the desired findingtypes. Grant the Google SecOps service account the appropriate IAM roles to read from thissubscription.

D : Create a Pub/Sub topic with a NotificationConfig object and a push subscription for the desired findingtypes. Create a new Google SecOps service account in the Google Cloud project, and grant this serviceaccount the appropriate IAM roles to read from this subscription. Export the credentials from IAM andimport the credentials into Google SecOps SOAR.

Answer: B

Question 5

Your organization has recently acquired Company A, which has its own SOC and security tooling. You have already configured ingestion of Company As security telemetry and migrated their detection rules to Google Security Operations (SecOps). You now need to enable Company A's analysts to work their cases in Google SecOps. You need to ensure that Company A's analysts: do not have access to any case data originating from outside of Company A. are able to re-purpose playbooks previously developed by your organization's employees. You need to minimize effort to implement your solution. What is the first step you should take?

A : Create a Google SecOps SOAR environment for Company A.

B : Define a new SOC role for Company A.

C : Provision a new service account for Company A.

D : Acquire a second Google SecOps SOAR tenant for Company A.

Answer: A