Google Security Operations Engineer (Beta) Sample Questions:
1. You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immediate notification when no logs have been ingested for over 30 minutes. You want to use the most efficient notification solution. What should you do?
A) Create a new alert policy in Cloud Monitoring that triggers a notification based on the absence of logs from the server's hostname.
B) Configure a Bindplane agent to send a heartbeat signal to Google SecOps every 15 minutes, and create an alert if two heartbeats are missed.
C) Configure the Windows server to send an email notification if there is an error in the Bindplane process.
D) Create a new YARA-L rule in Google SecOps SIEM to detect the absence of logs from the server within a 30-minute window.
2. Your organization's Google Security Operations (SecOps) tenant is ingesting a vendor's firewall logs in its default JSON format using the Google-provided parser for that log. The vendor recently released a patch that introduces a new field and renames an existing field in the logs. The parser does not recognize these two fields and they remain available only in the raw logs, while the rest of the log is parsed normally. You need to resolve this logging issue as soon as possible while minimizing the overall change management impact. What should you do?
A) Use the web interface-based custom parser feature in Google SecOps to copy the parser, and modify it to map both fields to UDM.
B) Write a code snippet, and deploy it in a parser extension to map both fields to UDM.
C) Use the Extract Additional Fields tool in Google SecOps to convert the raw log entries to additional fields.
D) Deploy a third-party data pipeline management tool to ingest the logs, and transform the updated fields into fields supported by the default parser.
3. Your company's analyst team uses a playbook to make necessary changes to external systems that are integrated with the Google Security Operations (SecOps) platform. You need to automate the task to run once every day at a specific time. You want your solution to minimize maintenance overhead. What should you do?
A) Write a custom Google SecOps SOAR job in the IDE using the code from the existing playbook actions.
B) Create a Cron Scheduled Connector for this use case. Configure a playbook trigger to match the cases created by the connector, which runs the playbook with the relevant actions.
C) Use a VM to host a script that runs a playbook via an API call.
D) Create a Google SecOps SOAR request and a playbook trigger to match the request from the user to start the playbook with the relevant actions.
4. A SOC team notices repeated outbound HTTPS connections from a Compute Engine instance to an external IP every 60 seconds. CPU usage is normal and no malware signatures trigger. What is the BEST next analytical step?
A) Power off the instance
B) Identify the process and service account generating the traffic
C) Block the destination IP immediately
D) Notify executive leadership
5. A phishing campaign successfully convinces users to grant OAuth permissions to a malicious third-party application. Which control failure MOST likely allowed this?
A) Weak endpoint protection
B) Missing email sandboxing
C) Lack of monitoring and restriction on OAuth consent grants
D) Missing antivirus signatures
Solutions:
| Question | Answer |
|----------|--------|
| 1 | A |
| 2 | C |
| 3 | B |
| 4 | B |
| 5 | C |