
Google Cloud Certified - Professional Security Operations Engineer (PSOE) - Security-Operations-Engineer Exam Questions
QUESTION NO: 1
You work at a financial services company. You need to detect in near real-time when a Cloud Run functions service agent modifies the IAM policy of an Artifact Registry repository. You plan to use Security Command Center (SCC). You want to follow the Google-recommended approach.
What should you do?
You work at a financial services company. You need to detect in near real-time when a Cloud Run functions service agent modifies the IAM policy of an Artifact Registry repository. You plan to use Security Command Center (SCC). You want to follow the Google-recommended approach.
What should you do?
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 2
You are planning log onboarding for a Google Security Operations (SecOps) SIEM deployment in a cloud-heavy enterprise environment. The detection engineering team is requesting log sources that support visibility into:
- User identity behavior
- Lateral movement
- Privilege escalation attempts
You need to determine which telemetry sources are ingested first. Which log source should you prioritize?
You are planning log onboarding for a Google Security Operations (SecOps) SIEM deployment in a cloud-heavy enterprise environment. The detection engineering team is requesting log sources that support visibility into:
- User identity behavior
- Lateral movement
- Privilege escalation attempts
You need to determine which telemetry sources are ingested first. Which log source should you prioritize?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 3
During a high-priority phishing incident at your company, Google Security Operations (SecOps) created and assigned the case to a Tier 1 analyst. The analyst added email headers and attached the malicious file as evidence but failed to escalate the case, violating an internal SLA of
30 minutes for a phishing response. The delay led to multiple users opening the file before containment actions were initiated. You want to optimize the case management workflow for future high-priority incidents. What should you do?
During a high-priority phishing incident at your company, Google Security Operations (SecOps) created and assigned the case to a Tier 1 analyst. The analyst added email headers and attached the malicious file as evidence but failed to escalate the case, violating an internal SLA of
30 minutes for a phishing response. The delay led to multiple users opening the file before containment actions were initiated. You want to optimize the case management workflow for future high-priority incidents. What should you do?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 4
Your organization uses Google Security Operations (SecOps). You discover frequent file downloads from a shared workspace within a short time window. You need to configure a rule in Google SecOps that identifies these suspicious events and assigns higher risk scores to repeated anomalies. What should you do?
Your organization uses Google Security Operations (SecOps). You discover frequent file downloads from a shared workspace within a short time window. You need to configure a rule in Google SecOps that identifies these suspicious events and assigns higher risk scores to repeated anomalies. What should you do?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 5
Your company requires PCI DSS v4.0 compliance for its cardholder data environment (CDE) in Google Cloud. You use a Security Command Center (SCC) security posture deployment based on the PCI DSS v4.0 template to monitor for configuration drift. This posture generates a finding indicating that a Compute Engine VM within the CDE scope has been configured with an external IP address. You need to take an immediate action to remediate the compliance drift identified by this specific SCC posture finding. What should you do?
Your company requires PCI DSS v4.0 compliance for its cardholder data environment (CDE) in Google Cloud. You use a Security Command Center (SCC) security posture deployment based on the PCI DSS v4.0 template to monitor for configuration drift. This posture generates a finding indicating that a Compute Engine VM within the CDE scope has been configured with an external IP address. You need to take an immediate action to remediate the compliance drift identified by this specific SCC posture finding. What should you do?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 6
Which approach BEST improves detection of compromised service accounts in Google Cloud?
Which approach BEST improves detection of compromised service accounts in Google Cloud?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).




