最新的 Google Cloud Certified GCP-SOE-B 免費考試真題:
1. You have identified a new threat actor group that has several IOCs in Google Threat Intelligence. You want to use some of these IOCs in several detection rules in Google Security Operations (SecOps) to help identify suspicious activity. You want to use the most effective approach. What should you do?
A) Identify the detection rules that apply to the new IOCS, and update the YARA-L logic to reference the threat actor group.
B) Save the IOCs in a new collection in Google Threat Intelligence. Share this list with other members of the security team to facilitate their searches and rule creation.
C) Add the IOCs to a new or existing reference list, and update the YARA-L logic of detection rules to include the reference list.
D) Configure a new data feed in Google SecOps that includes the IOCS. Update the YARA-L logic to reference the new IOCS against applicable UDM fields.
2. You are responsible for developing and configuring data ingestion in Google Security Operations (SecOps) for your organization. Your organization is using a prebuilt parser to parse a complex but stable and common log source. The parser is working correctly. However, your organization now wants you to change the configuration to parse additional fields from the raw logs and map them to UDM fields. What should you do?
A) Apply any pending updates to the prebuilt parser.
B) Implement middleware to modify the underlying data structure.
C) Design and develop a custom parser.
D) Implement a parser extension on top of the prebuilt parser.
3. You are an incident responder at your organization using Google Security Operations (SecOps) for monitonng and investigation. You discover that a critical production server, which handles financial transactions, shows signs of unauthorized file changes and network scanning from a suspicious IP address. You suspect that persistence mechanisms may have been installed. You need to use Google SecOps to immediately contain the threat while ensuring that forensic data remains available for investigation. What should you do first?
A) Use the firewall integration to submit the IP address to a network block list to inhibit internet access from that machine.
B) Use the EDR integration to quarantine the compromised asset.
C) Deploy emergency patches, and reboot the server to remove malicious persistence.
D) Use VirusTotal to enrich the IP address and retrieve the domain. Add the domain to the proxy block list.
4. Your Google Security Operations (SecOps) SOAR integration with Security Command Center (SCC) uses a service account that currently has read access to the findings at the organization level. Google SecOps SOAR successfully reads SCC finding data, but actions attempting to update the finding states consistently fail with a permission denied error. You need to resolve this error while following the principle of least privilege. What should you do?
A) Grant the service account the roles/iam.serviceAccountUser IAM role to itself.
B) Grant the service account the roles/securitycenter.findings Editor IAM role at the organization level.
C) Regenerate the service account key, and update the credentials in Google SecOps SOAR.
D) Grant the service account the roles/securitycenter.findingsBulkMuteEditor IAM role at the organization level.
5. You work for a telecommunications company that wants to monitor their multi-region 5G network logs in Google Security Operations (SecOps). The logs are currently only available on- premises and are stored in a standalone network-attached storage (NAS) located in four different regions.
You need to ingest the logs into Google SecOps and tag each NAS as a specific log source to avoid IP address aliasing. What should you do?
A) Configure feed management to pull data from each log's location, and configure a namespace for each log source.
B) Configure feed management to pull data from each log's location, and configure an ingestion label for each log source.
C) Configure a Bindplane agent that collects Syslog from each log's location and configure an ingestion label for each log source.
D) Configure a Bindplane agent that collects Syslog from each log's location, and configure a namespace for each log source.
問題與答案:
| 問題 #1 答案: C | 問題 #2 答案: D | 問題 #3 答案: B | 問題 #4 答案: B | 問題 #5 答案: B |

下載最新試用版
13位客戶反饋
我們對我們的產品非常有信心,所以我們不提供会给客户带去麻煩的產品。








109.42.0.* -
我通過了 GCP-SOE-B 考試,特別感謝 VCESoft 網站,我當時很緊張,但是在那之后每件事都非常順利,所有的問題基本上都來自你們提供的資料。