You are a SOC manager at an organization that recently implemented Google Security Operations (SecOps). You need to monitor your organization's data ingestion health in Google SecOps. Data is ingested with Bindplane collection agents. You want to configure the following:
• Receive a notification when data sources go silent within 15 minutes.
• Visualize ingestion throughput and parsing errors. What should you do?

1. A. Configure automated scheduled delivery of an ingestion health report in the Data Ingestion and Health dashboar
2. B. Monitor and visualize data ingestion metrics in this dashboard.
3. C. Configure silent source alerts based on rule detections for anomalous data ingestion activity in Risk Analytic
4. D. Monitor and visualize the alert metrics in the Risk Analytics dashboard.
5. E. Configure notifications in Cloud Monitoring when ingestion sources become silent inBindplan
6. F. Monitor and visualize Google SecOps data ingestion metrics using Bindplane Observability Pipeline (OP).
7. G. Configure silent source notifications for Google SecOps collection agents in Cloud Monitorin
8. H. Create a Cloud Monitoring dashboard to visualize data ingestion metrics.

Correct Answer: D

Your organization uses the curated detection rule set in Google Security Operations (SecOps) for high priority network indicators. You are finding a vast number of false positives coming from your on-premises proxy servers. You need to reduce the number of alerts. What should you do?

1. A. Configure a rule exclusion for the target.ip field.
2. B. Configure a rule exclusion for the principal.ip field.
3. C. Configure a rule exclusion for the network.asset.ip field.
4. D. Configure a rule exclusion for the target.domain field.

Correct Answer: B

You have a custom-built YARA-L rule in Google Security Operations (SecOps) correlating observed IP addresses in network and EDR logs against threat intelligence findings ingested from a Malware Information Sharing Platform (MISP) over a 2-minute time window. Your company's SOC reported that the rule generates too many false positives. You want to reduce the number of false positives generated by the rule while continuing to use threat intelligence.
What should you do?

1. A. Convert the rule to a dashboard, and use a match window of 24 hours to visualize entities in a bar chart.
2. B. Modify the rule to alert only when the graph.metadata.threat.severity value is critical or high.
3. C. Modify the rule to trigger only when the ICCs graph.risk_score.risk_score field exceeds 500.
4. D. Adjust the match window in the rule to 24 hours to aggregate IP addresses by asset once a day.

Correct Answer: B

Your company's analyst team uses a playbook to make necessary changes to external systems that are integrated with the Google Security Operations (SecOps) platform. You need to automate the task to run once every day at a specific time. You want to use the most efficient solution that minimizes maintenance overhead.

1. A. Write a custom Google SecOps SOAR job in the IDE using the code from the existing playbook actions.
2. B. Create a Cron Scheduled Connector for this use cas
3. C. Configure a playbook trigger to match the cases created by the connector that runs the playbook with the relevant actions.
4. D. Create a Google SecOps SOAR request and a playbook trigger to match the request from the user to start the playbook with the relevant actions.
5. E. Use a VM to host a script that runs a playbook via an API call.

Correct Answer: B

You have a close relationship with a vendor who reveals to you privately that they have discovered a vulnerability in their web application that can be exploited in an XSS attack. This application is running on servers in the cloud and on-premises. Before the CVE is released, you want to look for signs of the vulnerability being exploited in your environment. What should you do?

1. A. Create a YARA-L 2.0 rule to detect a time-ordered series of events where an external inbound connection to a server was followed by a process on the server that spawned subprocesses previously not seen in the environment.
2. B. Activate a new Web Security Scanner scan in Security Command Center (SCC), and look for findings related to XSS.
3. C. Ask the Gemini Agent in Google Security Operations (SecOps) to search for the latest vulnerabilities in the environment.
4. D. Create a YARA-L 2.0 rule to detect high-prevalence binaries on your web server architecture communicating with known command and control (C2) node
5. E. Review inbound traffic from those C2 domains that have only started appearing recently.

Correct Answer: A