Google Cloud Professional Security Operations Engineer — Question 1
You are implementing Google Security Operations (SecOps) at your organization. You discover that the current detection rules are too noisy. Due to the high volume of alerts, some true positives might be missed. You want to ingest additional context sources to reduce false positives in your security detections and to improve the overall positive ratio of the alerts. What should you do?
Answer options
- A. Ingest high-value asset (HVA) data from your configuration management database (CMDB) system to increase the priority of the alerts based on the sensitivity of the assets found in the detection rules.
- B. Ingest dark web forum handles from your threat intelligence system to match dark web principals within the detection rules.
- C. Ingest IOCs from your threat intelligence system to validate the IP addresses, domains and hashes with the detection rules.
- D. Ingest tactics, techniques, and procedures (TTPs) from your threat intelligence system to validate the processes and tools with the detection rules.
Correct answer: A
Explanation
The correct answer is A. Asset context from the CMDB, such as a high-value asset tag or criticality tier, is an enrichment source: when it is joined to events inside the detection rules, the same rule can raise the priority of a hit on a payment database or domain controller and leave a hit on a sandbox VM at a level that does not page anyone. That is what improves the ratio of actionable alerts to noise, and it keeps the true positives on sensitive assets from being buried in the volume. Options B, C, and D are threat-identification inputs rather than context about your own environment: matching IOCs (C) or TTP-derived process and tool patterns (D) tends to add detections rather than reduce noise, and dark web handles (B) are not something the detection rules can meaningfully join against. None of them tells the rule which assets matter, which is the missing piece here.
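The enrichment step described in the explanation, as an added example that is not part of the exam page and not Google's own code. In Google SecOps this join would be written in a YARA-L rule against the entity graph; the Python below mirrors the same logic offline so the effect on the alert queue can be seen. The CMDB entries, hostnames, rule names, scores and the 50-point threshold are all constructed for illustration.

```python
"""Constructed example: enrich raw detections with CMDB asset criticality
and re-score them so HVA hits float up and low-value noise is suppressed.
Every hostname, rule name, score and weight here is made up for illustration."""
from dataclasses import dataclass

# Constructed CMDB export: hostname -> asset attributes. Hosts not listed are
# treated as unknown and are neither boosted nor suppressed.
CMDB = {
    "pay-db-01": {"criticality": "high", "owner": "payments"},
    "ad-dc-02": {"criticality": "high", "owner": "identity"},
    "dev-vm-17": {"criticality": "low", "owner": "eng-sandbox"},
    "kiosk-09": {"criticality": "low", "owner": "facilities"},
}

# Assumed weighting scheme: HVAs double the rule score, low-value assets cut it.
TIER_WEIGHT = {"high": 2.0, "medium": 1.0, "low": 0.4}
UNKNOWN_WEIGHT = 1.0
ALERT_THRESHOLD = 50  # assumed minimum enriched score that reaches the analyst queue


@dataclass
class Detection:
    rule: str
    hostname: str
    base_score: int  # rule-assigned severity before any context, 0-100


@dataclass
class EnrichedAlert:
    rule: str
    hostname: str
    criticality: str
    score: float


def enrich(det: Detection, use_context: bool = True) -> EnrichedAlert:
    """Join one detection to the CMDB and re-weight its score by asset criticality."""
    asset = CMDB.get(det.hostname)
    crit = asset["criticality"] if asset else "unknown"
    weight = TIER_WEIGHT.get(crit, UNKNOWN_WEIGHT) if use_context else 1.0
    return EnrichedAlert(det.rule, det.hostname, crit, min(100.0, det.base_score * weight))


def triage(dets, threshold=ALERT_THRESHOLD, use_context=True):
    """Return (alerts that page, detections suppressed); pageable alerts sorted by score."""
    enriched = [enrich(d, use_context) for d in dets]
    paged = sorted((a for a in enriched if a.score >= threshold), key=lambda a: -a.score)
    suppressed = [a for a in enriched if a.score < threshold]
    return paged, suppressed


# Constructed detections: the same noisy rule fires on an HVA and on a sandbox VM.
SAMPLE = [
    Detection("new_admin_tool_execution", "pay-db-01", 40),
    Detection("new_admin_tool_execution", "dev-vm-17", 40),
    Detection("new_admin_tool_execution", "kiosk-09", 60),
    Detection("kerberoast_request_burst", "ad-dc-02", 70),
    Detection("unknown_host_port_scan", "lab-box-3", 55),
]

if __name__ == "__main__":
    for label, ctx in (("WITHOUT asset context", False), ("WITH asset context", True)):
        paged, suppressed = triage(SAMPLE, use_context=ctx)
        print(f"--- {label}: {len(paged)} page, {len(suppressed)} suppressed")
        for a in paged:
            print(f"PAGE {a.score:6.1f} {a.criticality:8} {a.hostname:10} {a.rule}")
        for a in suppressed:
            print(f"DROP {a.score:6.1f} {a.criticality:8} {a.hostname:10} {a.rule}")
```

Without context the 40-point hit on pay-db-01 never reaches the queue while the kiosk hit does; with the CMDB join the payment database pages at 80 and both low-value hosts drop below the threshold. Unknown hosts are deliberately left at weight 1.0 so a gap in CMDB coverage degrades to today's behaviour rather than silently suppressing alerts.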