Google Security Operations Engineer (Beta) 認定 GCP-SOE-B 試験問題:
1. You are a security analyst at an organization that uses Google Security Operations (SecOps). You have identified a new IP address that is known to be used by a malicious threat actor to launch network attacks. You need to search for this IP address in Google SecOps using all normalized logs to determine whether any malicious activity has occurred. You want to use the most effective approach. What should you do?
A) Run raw log searches using the IP address as a search term.
B) Write UDM searches using YARA-L 2.0 syntax to find events where the IP address appears.
C) Write a YARA-L 2.0 detection rule that searches for events with the IP address.
D) On the Alerts & IOCS page, review results and entries where the IP address appears.
2. You are working with your company's analyst team to automate the investigation of phishing alerts ingested directly into Google Security Operations (SecOps) SOAR from an email inbox.
The analyst team currently uses a SIEM query to search for related information. You need to design a solution to automatically include the query results in the Google SecOps case without writing any new code. What should you do?
A) Add a widget to the Default Case View in Google SecOps SOAR that allows the analyst team to query directly from the widget.
B) Add an action to the playbook that runs the SIEM query and returns the results.
C) Modify the detection rule in the SIEM to include the query results as part of the detection.
D) Create a custom action in Google SecOps IDE that runs the SIEM query from a playbook through an API call and returns the results.
3. You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immediate notification when no logs have been ingested for over 30 minutes. You want to use the most efficient notification solution. What should you do?
A) Configure the Windows server to send an email notification if there is an error in the Bindplane process.
B) Configure a Bindplane agent to send a heartbeat signal to Google SecOps every 15 minutes, and create an alert if two heartbeats are missed.
C) Create a new YARA-L rule in Google SecOps SIEM to detect the absence of logs from the server within a 30-minute window.
D) Create a new alert policy in Cloud Monitoring that triggers a notification based on the absence of logs from the server's hostname.
4. Which Google Cloud security feature MOST helps enforce the principle of least privilege at scale?
A) VPC Firewall Rules
B) Binary Authorization
C) Cloud NAT
D) IAM predefined roles and conditional IAM policies
5. During a proactive threat hunting exercise, you discover that a critical production project has an external identity with a highly privileged IAM role. You suspect that this is part of a larger intrusion, and it is unknown how long this identity has had access. All logs are enabled and routed to a centralized organization-level Cloud Logging bucket, and historical logs have been exported to BigQuery datasets. You need to determine whether any actions were taken by this external identity in your environment. What should you do?
A) Use Policy Analyzer to identity the resources that are accessible by the external identity. Examine the logs related to these resources in the centralized Cloud Logging bucket and the BigQuery dataset.
B) Execute queries against the centralized Cloud Logging bucket and the BigQuery dataset to filter for logs for where the principal email matches the external identity.
C) Analyze IAM recommender insights and Security Command Center (SCC) findings associated with the external identity.
D) Analyze VPC Flow Logs exported to BigQuery, and correlate source IP addresses with potential login events for the external identity.
質問と回答:
| 質問 # 1 正解: B | 質問 # 2 正解: B | 質問 # 3 正解: D | 質問 # 4 正解: D | 質問 # 5 正解: B |














905 お客様のコメント
品質保証JPexamはIT認定試験のシラバスに従って、試験問題の範囲を正確に絞って、的中率が99%の最新問題集を捧げます。
1年間の無料更新サービスJPexamは1年以内に問題集の無料更新サービスを提供し、お客様がいつでも最新版の問題集を持つことを保証いたします。もし試験の内容が変更されたら、弊社は直ちにお客様にお知らせします。それに、弊社の問題集が更新されたら、早速メールで最新バージョンを送付いたします。
全額返金JPexamの問題集を利用すると、短時間で勉強しても試験に合格できるのを保証いたします。試験に不合格になってしまった場合、弊社は全額返金いたします。(
ご購入前のお試しJPexamは問題集のサンプルを無料で提供いたします。ご購入前にサンプルを試用して製品の品質を確認することができます。ご遠慮なく利用してください。
