€20

Google Cloud SecOps Technical Credential Answers

1 rating
Add to cart

Google Cloud SecOps Technical Credential Answers

€20
1 rating

Google Cloud SecOps Technical Credential Answers


This assessment will test your knowledge of the SecOps (Chronical and Mandiant) products. You must achieve a score of 80% or higher to receive the technical credential.

 

Questions:

 

 

Identify the Security Operations Center (SOC) Practitioner Personas that are most likely to be using Security Information and Event Management (SIEM) on a regular basis.

Select two that apply, and then click Submit.

  • Security Analyst
  • Security Engineer
  • Software Developer
  • Malware Researcher

 

Identify the three features referred to as "table stakes" for Security Information and Event Management (SIEM).

Select one that applies, and then click Submit.

  • Detection, Application Monitoring, and User and Entity Behavior Analytics (UEBA)
  • Search, Application Monitoring, and Statistical Normalization
  • Search, Detection, and Visualization
  • Visualization, Vulnerability Management, and User and Entity Behavior Analytics (UEBA)

 

The rule language in Chronicle Security Information and Event Management (SIEM) was designed for what purpose?

Select one that applies, and then click Submit.

  • Business Intelligence
  • Data Analytics
  • Metric Visualization
  • Threat Detection

 

Aliasing applies to what kinds of entities in Chronicle Security Information and Event Management (SIEM)?

Select one that applies, and then click Submit.

  • Users, Internet Protocol (IP) Addresses, Domains, and Indicators of Compromise (IOCs)
  • Users, Processes, Assets, and Hashes
  • Internet Protocol (IP) Addresses, Hostnames, and Domains
  • Users, Hostnames, Binaries, and Indicators of Compromise (IOCs)

 

What three components make up the Chronicle Entity Context Graph (ECG)?

Select one that applies, and then click Submit.

  • Entity Context, Asset Context, and Time Domain Context
  • Host Context, Process Context, and Time Domain Context
  • Entity Context, Global Context, and Local Context
  • Entity Context, Derived Context, and Global Context

 

What is the product name of the largest threat observatory, operated by Google, that plugs directly into Chronicle?

Select one that applies, and then click Submit.

  • Google Cloud Threat Intelligence (GCTI)
  • Emerging Threats
  • VirusTotal
  • Mandiant Red Threats

 

There are rules that are created by the customer or owner of a Chronicle Security Information and Event Management (SIEM) tenant, and there are a group of rules developed by Uppercase based on Google threat intelligence. What is the Google-provided rules called?

Select one that applies, and then click Submit.

  • Default Rules
  • Curated Rules
  • Template Rules
  • Repo Rules

 

Over what time span will Chronicle Security Information and Event Management (SIEM) re-evaluate Indicators of Compromise (IOCs) and create new correlations and alerts?

Select one that applies, and then click Submit.

  • 72 hours
  • 1 month
  • 1 week
  • 1 year

 

Data from Chronicle can be transparently copied out into what data warehouse for further analytics?

Select one that applies, and then click Submit.

  • Google BigData
  • Google BigQuery
  • Google Datastore
  • Google Firestore

 

When selecting a data source to forward to Chronicle Security Information and Event Management (SIEM), for what parsers can you expect the most rigorous testing?

Select one that applies, and then click Submit.

  • Default Parsers
  • Diamond Parsers
  • Platinum Parsers
  • Gold Parsers

 

What does UDM stand for?

Select one that applies, and then click Submit.

  • Uppercase Data Model
  • Unified Data Model
  • Unicorn Data Mode
  • Uninterruptable Data Model

 

The UDM is designed to contain models for what two types of data?

Select one that applies, and then click Submit.

  • Events and Objects
  • Objects and Lists
  • Events and Entities
  • Events and Lists

 

Chronicle Security Information and Event Management (SIEM) applies the schema at what point to ensure maximum performance and increase the number of pivots that can be done on data?

Select one that applies, and then click Submit.

  • It depends on the parser
  • On search
  • Some on write, some on search
  • On write

 

What is the primary job of the Indexing service?

Select one that applies, and then click Submit.

  • Index the telemetry for maximum data resiliency.
  • Index the telemetry for fast retrieval.
  • Return the results of a search.
  • Create unique markers for data integrity.

 

Which Chronicle Security Information and Event Management (SIEM) search method allows for a "grep" like functionality?

Select one that applies, and then click Submit.

  • Unified Data Model (UDM) Search
  • Indexed Log Search
  • Raw Log Search
  • Entity Graph Search

 

What are the two primary functions of the Partner Application Programming Interfaces (APIs)?

Select one that applies, and then click Submit.

  • Provision new customers and process billing
  • Ingestion metrics and process billing
  • Provision new customers and rotate customer keying information
  • Provision new customers and parser tools

 

What are the required sections of a YARA-L rule?

Select one that applies, and then click Submit.

  • Meta, events, and condition
  • Meta, events, condition, and match
  • Meta, events, condition, and outcome
  • Meta and events

 

Which optional field is required for a multi-event YARA-L rule?

Select one that applies, and then click Submit.

  • Events
  • Match
  • Outcome
  • Options

 

In YARA-L, what is the equivalent of #var > 0?

Select one that applies, and then click Submit.

  • $var
  • &var
  • %var
  • $var = 1

 

For what kind of field will the nocase operator cause an error?

Select one that applies, and then click Submit.

  • Optional Fields
  • String Fields
  • Enumerated Fields
  • Classless Inter-Domain Routing (CIDR) Fields

 

What are the special operators that can act on a repeated field value in YARA-L?

Select one that applies, and then click Submit.

  • ANY, ALL
  • AND, NOT
  • ANY, NONE
  • OR, NOT

 

What is the maximum time range for a match section of a multi-event rule in YARA-L?

Select one that applies, and then click Submit.

  • 1 day
  • 1 week
  • 48 hours
  • 72 hours

 

What two operators in YARA-L create a sliding window of time that will match events in a specific order?

Select one that applies, and then click Submit.

  • until, after
  • before, gt
  • lt, gt
  • before, after

 

What string function can be used to decode encoded command lines, especially in PowerShell?

Select one that applies, and then click Submit.

  • strings.decode
  • strings.base64_decode
  • strings.hashmatch
  • strings.encode

 

When considering parsing in Chronicle Security Information and Event Management (SIEM), a data source must always be associated with what?

Select one that applies, and then click Submit.

  • Metadata event type
  • Data Application Programming Interface (API)
  • Metadata path
  • Data label

 

What are the extract functions used in Google's Configuration-based Normalization?

Select one that applies, and then click Submit.

  • JSON, XML, KV, GROK, and CSV
  • JSON, TSV, KV, and CSV
  • XML, KV, CSV, TSV, and SQL
  • XML, KV, and CSV

 

What are the two search modes available in Chronicle Security Information and Event Management (SIEM)?

Select one that applies, and then click Submit.

  • Regex and field query
  • Unified Data Model (UDM) Search and grep regex
  • Unified Data Model (UDM) Search and Raw Log Scan
  • Unified Data Model (UDM) Search and YARA-L

 

On the Mandiant Advantage Threat Intelligence home page, high-level activity metrics for which types of threats are shown on the dashboard?

Select one that applies, and then click Submit.

  • Actor, Smishing, and Vulnerability
  • Actor, Malware, and Vulnerability
  • Vulnerability, Insider Threat, and Phishing
  • Actor, Phishing, and Vulnerability

 

What is the minimum Mandiant Threat Intel subscription level that provides access to MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) tactics and techniques for Mandiant-tracked Actors and Malware?

Select one that applies, and then click Submit.

  • Threat Intelligence Security Operations
  • Malware Intelligence Operations
  • Threat Operations
  • Security Operations Assistance Platform

 

If a prospect requires a keyword-driven solution for deep, dark, and open web reconnaissance, which Mandiant Threat Intelligence subscription should be considered?

Select one that applies, and then click Submit.

  • Deep Web Threat Monitoring
  • Dark Search Tools
  • Digital Threat Monitoring
  • Digital Actor Monitoring

 

What is the minimum Mandiant Threat Intelligence subscription level that provides full-narrative strategic to tactical analysis and access to 20+ report types from Mandiant frontline threat intelligence analysts?

Select one that applies, and then click Submit.

  • Mandiant Threat Level Report
  • Threat Aggregation
  • Mandiant Weather Report
  • Threat Intelligence Fusion

 

Mandiant Threat Intelligence malware profiles include malware detections written in what language?

Select one that applies, and then click Submit.

  • SQL
  • YARA
  • KSQL
  • Snort

 

Which Mandiant Threat Intelligence Application Programming Interface (API) version four endpoint will return a list of all threat actors?

Select one that applies, and then click Submit.

  • /v4/actor
  • /v4/actors.all
  • /mandiant/threatactors
  • /mati/actors

 

Which Mandiant Threat Intelligence API version 4 endpoint will return information about vulnerabilities, including in a given period, by Identity Document (ID) or Common Vulnerabilities and Exposures (CVE)?

Select one that applies, and then click Submit.

  • /v4/actors
  • /v4/vulnerability.all
  • /v4/vulnerability
  • /v4/vuln

 

Which Mandiant Threat Intelligence Application Programming Interface (API) version 4 endpoint will return a list of indicators?

Select one that applies, and then click Submit.

  • /var/indicators.all
  • /v4/threats/indicators
  • /v4/actor/indicator
  • /v4/indicator

 

Mandiant Attack Surface Management (ASM) supports scanning for vulnerability exploitation that was demonstrated during the SolarWinds events publicized in December 2020. What kind of vulnerability exploitation was it?

Select one that applies, and then click Submit.

  • Supply chain attack
  • Phishing attack
  • RAT-based attack
  • Insider threat

 

When does Mandiant Attack Surface Management (ASM) require some form of authentication for discovery?

Select one that applies, and then click Submit.

  • Insider Threat
  • When integrating into Cloud Assets or third party tools
  • Always
  • Never

 

Mandiant Attack Surface Management (ASM) discovers technologies using what method?

Select one that applies, and then click Submit.

  • Secure SHell (SSH) prompt scanning
  • Simple Network Management Protocol (SNMP) query
  • Banner scanning
  • Fingerprinting

 

Which tab in the Mandiant Attack Surface Management (ASM) interface provides a high level exportable executive summary of the ASM solution's findings?

Select one that applies, and then click Submit.

  • Insights
  • Big Picture
  • Executive Review
  • 30,000 Foot View

 

In Attack Surface Management, what is a seed?

Select one that applies, and then click Submit.

  • A foothold where an attacker might gain entry to an environment
  • A specific piece of software running on an entity
  • A zip file downloaded to an endpoint
  • A starting point for discovery

 

Which of the following are examples of issues that Mandiant Attack Surface Management (ASM) can identify?

Select three that apply, and then click Submit.

  • Vulnerabilities
  • Misconfigurations
  • Expired Certificates
  • Disabled Endpoint Solution

 

Which of the following is a currently supported outbound integration for Mandiant Attack Surface Management (ASM)?

Select one that applies, and then click Submit.

  • Tenable
  • PaloAlto Xpanse
  • JIRA
  • Trellix Helix

 

What part of an Entity page shows how Attack Surface Management (ASM) found this entity from the initial seed as well as the task that uncovered it?

Select one that applies, and then click Submit.

  • Associated Issues
  • Discovery Context
  • Entity Context
  • Scoping Map

 

What collection scan settings can be supplied if custom input types are required?

Select one that applies, and then click Submit.

  • Cookies, Ports, and Headers
  • Cookies, Internet Protocol (IP) Addresses, and Authentication Tokens
  • Ports, Cookies, and Secure SHell (SSH) Keys
  • Headers, Bearer Tokens, and Internet Protocol (IP) Addresses

 

What are the main types of actors used in Mandiant Security Validation?

Select two that apply, and then click Submit.

  • Server
  • Network
  • Database
  • Endpoint

 

What happens to an Actor in a protected Theater after the conclusion of each test?

Select one that applies, and then click Submit.

  • They are deleted.
  • They are reverted to their original state.
  • They are reverted to a traditional endpoint actor.
  • An Automated Environmental Change/Drift Analysis (AEDA) job is generated for that actor for all actions in the test.

 

The ability to automate drift detection, reducing manual efforts in standardization, is a function of what module of Mandiant Security Validation?

Select one that applies, and then click Submit.

  • Endpoint Protected Theater
  • Threat Actor Assurance Module
  • Email Theater
  • Advanced Environmental Drift Analysis

 

When considering a Proof of Concept (POC) of Mandiant Security Validation, in addition to the Success Criteria, what other customer information should be documented before the beginning of the POC?

Select three that apply, and then click Submit.

  • Customer Validation Use Cases
  • Customer Network Infrastructure and Deployed Security Controls
  • Customer Internet Egress Internet Protocol (IP) Addresses
  • Customer Security Lifecycle Framework

 

Which are the two MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) tactics that are not covered by Mandiant Security Validation?

Select two that apply, and then click Submit.

  • Resource Development
  • Reconnaissance
  • Command and Control
  • Defense Evasion

 

How do you Sync integrations between your Director and Third party integrations?

Select one that applies, and then click Submit.

  • Go to Settings > Integrations. Locate the integration you want to sync to the appropriate table. Click the vertical ellipses in the last column. Click Sync in the drop-down list. Wait for the sync to complete.
  • Go to Settings > Configuration. Configure the Application you want to sync in the appropriate table. Click the vertical ellipses in the last column. Click Sync in the drop-down list. Wait for the sync to complete.
  • Integrations do not need to Synchronize with the director, only output from the alerting system is required.
  • You do not need to Sync them, it is automated.

 

What is the name of the core Mandiant Security Validation component that is required for running actions against Network Security Controls, Linux, Mac, and Linux endpoint controls, and Email controls.

Select one that applies, and then click Submit.

  • Director
  • Agents
  • Actors
  • Modules

 

What is the scope of selecting the "All Environments" button when creating a playbook?

Select one that applies, and then click Submit.

  • The function will run on all future environments.
  • The function will run all the time, regardless of the playbook selection.
  • The function will run on all current environments.
  • This function created within the playbook will run on all current environments as well as on all future environments.

 

Identify the use of blocks.

Select one that applies, and then click Submit.

  • Repeatable actions
  • Condition features
  • Insight features

 

Who typically has sufficient rights to turn off the "simulator" mode?

Select one that applies, and then click Submit.

  • Security Operations Center (SOC) Analyst
  • Assistant
  • Admin

 

What is the difference between Jobs and Connectors within Chronicle Security Orchestration, Automation, and Response (SOAR)?

Select one that applies, and then click Submit.

  • Connectors notify us of any errors in the alert ingestion process. Jobs notify if a specific job has failed at least three times (sends a notification for each specific job once every three hours).
  • Connectors are used to ingest cases into the platform. Jobs support healthcheck and synchonization tasks.
  • Jobs are used to ingest cases into the platform. Connectors support healthcheck and synchonization tasks.
  • Connectors include tasks or actions to be performed by the playbook. Jobs are notified if a specific action has failed at least three times across all cases it was performed in.

 

Where can you check all the Active System Modules?

Select one that applies, and then click Submit.

  • Integrations
  • Permissions
  • Ontology
  • License Management

 

How can a manual action within a playbook be identified?

Select one that applies, and then click Submit.

  • The purple color
  • Hand symbol
  • "M" letter
  • "MAN" letters

 

What allows you to create repetitive steps within a workflow and put together a string of inputs and outputs?

Select one that applies, and then click Submit.

  • Blocks
  • Actions
  • Events
  • Playbooks

 

Where can you find the execution log of an Alert?

Select one that applies, and then click Submit.

  • Action
  • Problem
  • Chronicle Blog
  • Case

 

What can you find within the Chronicle Security Orchestration, Automation, and Response (SOAR) Marketplace?

Select one that applies, and then click Submit.

  • Security Information and Event Management (SIEM) vendors
  • Power Ups and Integrations
  • Phishing Alert Tips


More certification answers in english: https://en.certificationanswers.com/exams-answers/

Add to cart

No refunds

All our guides and products sold via a website are considered as digital products, and specific refund policies are applied. Digital products are not refundable by default, similar as films, ebooks, and similar digital assets.

Since CertificationAnswers is offering non-tangible irrevocable goods we do not issue refunds once the order is accomplished and the product download link is sent. As a customer you are responsible for understanding this upon purchasing any item at our site.

Due to the type of digital product, which includes consumable materials from minute 1 and material that can be downloaded immediately after purchase, returns are not allowed as protected by law 3/2014 of March 27 in article 103.

Last updated Aug 9, 2024

Size
153 KB
Length
12 pages
Copy product URL

Ratings

5
(1 rating)
5 stars
100%
4 stars
0%
3 stars
0%
2 stars
0%
1 star
0%