Google Cloud SecOps Technical Credential Answers
This assessment will test your knowledge of the SecOps (Chronical and Mandiant) products. You must achieve a score of 80% or higher to receive the technical credential.
All answers to pass this certification are only in our .PDF file, you can buy and download here:
Questions:
Select two that apply, and then click Submit.
- Security Analyst
- Security Engineer
- Software Developer
- Malware Researcher
Select one that applies, and then click Submit.
- Detection, Application Monitoring, and User and Entity Behavior Analytics (UEBA)
- Search, Application Monitoring, and Statistical Normalization
- Search, Detection, and Visualization
- Visualization, Vulnerability Management, and User and Entity Behavior Analytics (UEBA)
Select one that applies, and then click Submit.
- Business Intelligence
- Data Analytics
- Metric Visualization
- Threat Detection
Select one that applies, and then click Submit.
- Users, Internet Protocol (IP) Addresses, Domains, and Indicators of Compromise (IOCs)
- Users, Processes, Assets, and Hashes
- Internet Protocol (IP) Addresses, Hostnames, and Domains
- Users, Hostnames, Binaries, and Indicators of Compromise (IOCs)
What three components make up the Chronicle Entity Context Graph (ECG)?
Select one that applies, and then click Submit.
- Entity Context, Asset Context, and Time Domain Context
- Host Context, Process Context, and Time Domain Context
- Entity Context, Global Context, and Local Context
- Entity Context, Derived Context, and Global Context
Select one that applies, and then click Submit.
- Google Cloud Threat Intelligence (GCTI)
- Emerging Threats
- VirusTotal
- Mandiant Red Threats
Select one that applies, and then click Submit.
- Default Rules
- Curated Rules
- Template Rules
- Repo Rules
Select one that applies, and then click Submit.
- 72 hours
- 1 month
- 1 week
- 1 year
Data from Chronicle can be transparently copied out into what data warehouse for further analytics?
Select one that applies, and then click Submit.
- Google BigData
- Google BigQuery
- Google Datastore
- Google Firestore
Select one that applies, and then click Submit.
- Default Parsers
- Diamond Parsers
- Platinum Parsers
- Gold Parsers
Select one that applies, and then click Submit.
- Uppercase Data Model
- Unified Data Model
- Unicorn Data Mode
- Uninterruptable Data Model
The UDM is designed to contain models for what two types of data?
Select one that applies, and then click Submit.
- Events and Objects
- Objects and Lists
- Events and Entities
- Events and Lists
Select one that applies, and then click Submit.
- It depends on the parser
- On search
- Some on write, some on search
- On write
What is the primary job of the Indexing service?
Select one that applies, and then click Submit.
- Index the telemetry for maximum data resiliency.
- Index the telemetry for fast retrieval.
- Return the results of a search.
- Create unique markers for data integrity.
Select one that applies, and then click Submit.
- Unified Data Model (UDM) Search
- Indexed Log Search
- Raw Log Search
- Entity Graph Search
What are the two primary functions of the Partner Application Programming Interfaces (APIs)?
Select one that applies, and then click Submit.
- Provision new customers and process billing
- Ingestion metrics and process billing
- Provision new customers and rotate customer keying information
- Provision new customers and parser tools
What are the required sections of a YARA-L rule?
Select one that applies, and then click Submit.
- Meta, events, and condition
- Meta, events, condition, and match
- Meta, events, condition, and outcome
- Meta and events
Which optional field is required for a multi-event YARA-L rule?
Select one that applies, and then click Submit.
- Events
- Match
- Outcome
- Options
In YARA-L, what is the equivalent of #var > 0?
Select one that applies, and then click Submit.
- $var
- &var
- %var
- $var = 1
For what kind of field will the nocase operator cause an error?
Select one that applies, and then click Submit.
- Optional Fields
- String Fields
- Enumerated Fields
- Classless Inter-Domain Routing (CIDR) Fields
What are the special operators that can act on a repeated field value in YARA-L?
Select one that applies, and then click Submit.
- ANY, ALL
- AND, NOT
- ANY, NONE
- OR, NOT
What is the maximum time range for a match section of a multi-event rule in YARA-L?
Select one that applies, and then click Submit.
- 1 day
- 1 week
- 48 hours
- 72 hours
Select one that applies, and then click Submit.
- until, after
- before, gt
- lt, gt
- before, after
What string function can be used to decode encoded command lines, especially in PowerShell?
Select one that applies, and then click Submit.
- strings.decode
- strings.base64_decode
- strings.hashmatch
- strings.encode
Select one that applies, and then click Submit.
- Metadata event type
- Data Application Programming Interface (API)
- Metadata path
- Data label
What are the extract functions used in Google’s Configuration-based Normalization?
Select one that applies, and then click Submit.
- JSON, XML, KV, GROK, and CSV
- JSON, TSV, KV, and CSV
- XML, KV, CSV, TSV, and SQL
- XML, KV, and CSV
Select one that applies, and then click Submit.
- Regex and field query
- Unified Data Model (UDM) Search and grep regex
- Unified Data Model (UDM) Search and Raw Log Scan
- Unified Data Model (UDM) Search and YARA-L
Select one that applies, and then click Submit.
- Actor, Smishing, and Vulnerability
- Actor, Malware, and Vulnerability
- Vulnerability, Insider Threat, and Phishing
- Actor, Phishing, and Vulnerability
Select one that applies, and then click Submit.
- Threat Intelligence Security Operations
- Malware Intelligence Operations
- Threat Operations
- Security Operations Assistance Platform
Select one that applies, and then click Submit.
- Deep Web Threat Monitoring
- Dark Search Tools
- Digital Threat Monitoring
- Digital Actor Monitoring
Select one that applies, and then click Submit.
- Mandiant Threat Level Report
- Threat Aggregation
- Mandiant Weather Report
- Threat Intelligence Fusion
Mandiant Threat Intelligence malware profiles include malware detections written in what language?
Select one that applies, and then click Submit.
- SQL
- YARA
- KSQL
- Snort
Select one that applies, and then click Submit.
- /v4/actor
- /v4/actors.all
- /mandiant/threatactors
- /mati/actors
Select one that applies, and then click Submit.
- /v4/actors
- /v4/vulnerability.all
- /v4/vulnerability
- /v4/vuln
Select one that applies, and then click Submit.
- /var/indicators.all
- /v4/threats/indicators
- /v4/actor/indicator
- /v4/indicator
Select one that applies, and then click Submit.
- Supply chain attack
- Phishing attack
- RAT-based attack
- Insider threat
Select one that applies, and then click Submit.
- Insider Threat
- When integrating into Cloud Assets or third party tools
- Always
- Never
Mandiant Attack Surface Management (ASM) discovers technologies using what method?
Select one that applies, and then click Submit.
- Secure SHell (SSH) prompt scanning
- Simple Network Management Protocol (SNMP) query
- Banner scanning
- Fingerprinting
Select one that applies, and then click Submit.
- Insights
- Big Picture
- Executive Review
- 30,000 Foot View
In Attack Surface Management, what is a seed?
Select one that applies, and then click Submit.
- A foothold where an attacker might gain entry to an environment
- A specific piece of software running on an entity
- A zip file downloaded to an endpoint
- A starting point for discovery
Select three that apply, and then click Submit.
- Vulnerabilities
- Misconfigurations
- Expired Certificates
- Disabled Endpoint Solution
Select one that applies, and then click Submit.
- Tenable
- PaloAlto Xpanse
- JIRA
- Trellix Helix
Select one that applies, and then click Submit.
- Associated Issues
- Discovery Context
- Entity Context
- Scoping Map
What collection scan settings can be supplied if custom input types are required?
Select one that applies, and then click Submit.
- Cookies, Ports, and Headers
- Cookies, Internet Protocol (IP) Addresses, and Authentication Tokens
- Ports, Cookies, and Secure SHell (SSH) Keys
- Headers, Bearer Tokens, and Internet Protocol (IP) Addresses
What are the main types of actors used in Mandiant Security Validation?
Select two that apply, and then click Submit.
- Server
- Network
- Database
- Endpoint
What happens to an Actor in a protected Theater after the conclusion of each test?
Select one that applies, and then click Submit.
- They are deleted.
- They are reverted to their original state.
- They are reverted to a traditional endpoint actor.
- An Automated Environmental Change/Drift Analysis (AEDA) job is generated for that actor for all actions in the test.
Select one that applies, and then click Submit.
- Endpoint Protected Theater
- Threat Actor Assurance Module
- Email Theater
- Advanced Environmental Drift Analysis
Select three that apply, and then click Submit.
- Customer Validation Use Cases
- Customer Network Infrastructure and Deployed Security Controls
- Customer Internet Egress Internet Protocol (IP) Addresses
- Customer Security Lifecycle Framework
Select two that apply, and then click Submit.
- Resource Development
- Reconnaissance
- Command and Control
- Defense Evasion
How do you Sync integrations between your Director and Third party integrations?
Select one that applies, and then click Submit.
- Go to Settings > Integrations. Locate the integration you want to sync to the appropriate table. Click the vertical ellipses in the last column. Click Sync in the drop-down list. Wait for the sync to complete.
- Go to Settings > Configuration. Configure the Application you want to sync in the appropriate table. Click the vertical ellipses in the last column. Click Sync in the drop-down list. Wait for the sync to complete.
- Integrations do not need to Synchronize with the director, only output from the alerting system is required.
- You do not need to Sync them, it is automated.
Select one that applies, and then click Submit.
- Director
- Agents
- Actors
- Modules
What is the scope of selecting the “All Environments” button when creating a playbook?
Select one that applies, and then click Submit.
- The function will run on all future environments.
- The function will run all the time, regardless of the playbook selection.
- The function will run on all current environments.
- This function created within the playbook will run on all current environments as well as on all future environments.
Select one that applies, and then click Submit.
- Repeatable actions
- Condition features
- Insight features
Who typically has sufficient rights to turn off the “simulator” mode?
Select one that applies, and then click Submit.
- Security Operations Center (SOC) Analyst
- Assistant
- Admin
Select one that applies, and then click Submit.
- Connectors notify us of any errors in the alert ingestion process. Jobs notify if a specific job has failed at least three times (sends a notification for each specific job once every three hours).
- Connectors are used to ingest cases into the platform. Jobs support healthcheck and synchonization tasks.
- Jobs are used to ingest cases into the platform. Connectors support healthcheck and synchonization tasks.
- Connectors include tasks or actions to be performed by the playbook. Jobs are notified if a specific action has failed at least three times across all cases it was performed in.
Where can you check all the Active System Modules?
Select one that applies, and then click Submit.
- Integrations
- Permissions
- Ontology
- License Management
How can a manual action within a playbook be identified?
Select one that applies, and then click Submit.
- The purple color
- Hand symbol
- “M” letter
- “MAN” letters
Select one that applies, and then click Submit.
- Blocks
- Actions
- Events
- Playbooks
Where can you find the execution log of an Alert?
Select one that applies, and then click Submit.
- Action
- Problem
- Chronicle Blog
- Case
Select one that applies, and then click Submit.
- Security Information and Event Management (SIEM) vendors
- Power Ups and Integrations
- Phishing Alert Tips