Security-Operations-Engineer 試験問題を無料オンラインアクセス

You recently joined a company that uses Google Security Operations (SecOps) with Applied Threat Intelligence enabled. You have alert fatigue from a recent red team exercise, and you want to reduce the amount of time spent sifting through noise. You need to filter out IOCs that you suspect were generated due to the exercise. What should you do?

• A.Ask Gemini to provide a list of IOCs from the red team exercise.
• B.Navigate to the IOC Matches page. Review IOCs with an Indicator Confidence Score (IC-Score) label >= 80%.
• C.Navigate to the IOC Matches page. Identify and mute the IOCs from the red team exercise.
• D.Filter IOCs with an ingestion time that matches the time period of the red team exercise.

A security analyst wants to detect lateral movement between Compute Engine instances using valid credentials. Which data source is MOST useful?

• A.Identity-aware Proxy logs
• B.Cloud Load Balancer logs
• C.VPC Flow Logs
• D.Compute Engine serial console output

After resolving a confirmed security incident in Google Cloud, what action provides the GREATEST long-term security improvement?

• A.Updating detections, playbooks, and IAM controls based on lessons learned
• B.Adding more analysts
• C.Closing all related alerts
• D.Increasing log retention

Your organization uses the curated detection rule set in Google Security Operations (SecOps) for high priority network indicators. You are finding a vast number of false positives coming from your on-premises proxy servers. You need to reduce the number of alerts. What should you do?

• A.Configure a rule exclusion for the network.asset.ip field.
• B.Configure a rule exclusion for the target.domain field.
• C.Configure a rule exclusion for the target.ip field.
• D.Configure a rule exclusion for the principal.ip field.

Your organization recently conducted a penetration test on their environment. You have been tasked with identifying a successful attack chain. The required log sources have been ingested into Google Security Operations (SecOps). You discover anomalous outbound traffic to external domains. You suspect that the finding is a communication to a command and control (C2) infrastructure. You need to identify the least common network communications over the last 14 days. What should you do?

• A.Perform a Google SecOps SIEM raw log search that looks for low rolling prevalence domains with NETWORK_CONNECTION or NETWORK_HTTP in the firewall and proxy logs over the last 14 days.
• B.Perform a Google SecOps SOAR search that looks for cases with low rolling prevalence of NETWORK_CONNECTION or NETWORK_HTTP events over the last 14 days.
• C.Perform a Google SecOps SIEM UDM search that looks for NETWORK_CONNECTION or NETWORK_HTTP events with low rolling prevalence for principal domains over the last 14 days.
• D.Perform a Google SecOps SIEM UDM search that looks for NETWORK_CONNECTION or NETWORK_HTTP events with low rolling prevalence for target domains over the last 14 days.