Google Security Operations Engineer (Beta) Sample Questions:
1. You are tasked with building a workflow in Google Security Operations (SecOps) SOAR. The documentation you are using requires a logical split that has eight different possible paths. You need to break the workflow into eight separate workflows using an automatic and efficient approach. What should you do?
A) Create a playbook that uses a Multi-Choice Question answer choices. Add instructions describing which logic to use in the instruction or question fields. Have the analyst select the appropriate answer to move the flow into the right branch.
B) Create eight playbooks for each workflow. Configure the triggered playbook to end on an instruction action that tells the analyst to pick a workflow from the playbooks tab and attach that workflow to the alert.
C) Create a playbook that uses a flow condition. Add four more branches to have a total of five branches and an "Else" branch. On the "Else" branch, include another flow condition. Include the remaining three branches with the logic required.
D) Create eight playbooks for each workflow. Create a job that identifies your recently opened cases, applies the needed logic to determine which of the eight workflows should be attached, and attaches that workflow to the alert.
2. You are a SOC manager guiding an implementation of your existing incident response plan (IRP) into Google Security Operations (SecOps). You need to capture time duration data for each of the case stages. You want your solution to minimize maintenance overhead. What should you do?
A) Write a job in the IDE that runs frequently to check the progress of each case and updates the notes with timestamps to reflect when these changes were identified.
B) Create a Google SecOps SOAR dashboard that displays specific actions that have been run, identifies which stage a case is in, and calculates the time elapsed since the start of the case.
C) Configure Case Stages in the Google SecOps SOAR settings, and use the Change Case Stage action in your playbooks that captures time metrics when the stage changes.
D) Configure a detection rule in SIEM Rules & Detections to include logic to capture the event fields for each case with the relevant stage metrics.
3. You are responsible for developing and configuring data ingestion in Google Security Operations (SecOps) for your organization. Your organization is using a prebuilt parser to parse a complex but stable and common log source. The parser is working correctly. However, your organization now wants you to change the configuration to parse additional fields from the raw logs and map them to UDM fields. What should you do?
A) Implement middleware to modify the underlying data structure.
B) Design and develop a custom parser.
C) Implement a parser extension on top of the prebuilt parser.
D) Apply any pending updates to the prebuilt parser.
4. You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immediate notification when no logs have been ingested for over 30 minutes. You want to use the most efficient notification solution. What should you do?
A) Create a new alert policy in Cloud Monitoring that triggers a notification based on the absence of logs from the server's hostname.
B) Configure a Bindplane agent to send a heartbeat signal to Google SecOps every 15 minutes, and create an alert if two heartbeats are missed.
C) Configure the Windows server to send an email notification if there is an error in the Bindplane process.
D) Create a new YARA-L rule in Google SecOps SIEM to detect the absence of logs from the server within a 30-minute window.
5. Your company's analyst team uses a playbook to make necessary changes to external systems that are integrated with the Google Security Operations (SecOps) platform. You need to automate the task to run once every day at a specific time. You want your solution to minimize maintenance overhead. What should you do?
A) Write a custom Google SecOps SOAR job in the IDE using the code from the existing playbook actions.
B) Create a Cron Scheduled Connector for this use case Configure a playbook trigger to match the cases created by the connector that runs the playbook with the relevant actions.
C) Use a VM to host a script that runs a playbook via an API call.
D) Create a Google SecOps SOAR request and a playbook trigger to match the request from the user to start the playbook with the relevant actions.
Solutions:
| Question # 1 Answer: C | Question # 2 Answer: C | Question # 3 Answer: C | Question # 4 Answer: A | Question # 5 Answer: B |














17 Customer Reviews
Quality and ValueITCertKing Practice Exams are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development - no all study materials.
Tested and ApprovedWe are committed to the process of vendor and third party approvals. We believe professionals and executives alike deserve the confidence of quality coverage these authorizations provide.
Easy to PassIf you prepare for the exams using our ITCertKing testing engine, It is easy to succeed for all certifications in the first attempt. You don't have to deal with all dumps or any free torrent / rapidshare all stuff.
Try Before BuyITCertKing offers free demo of each product. You can check out the interface, question quality and usability of our practice exams before you decide to buy.
