Google Cloud Professional Security Operations Engineer — Question 14
You are tasked with building a workflow in Google Security Operations (SecOps) SOAR. The documentation you are using requires a logical split that has eight different possible paths. You need to break the workflow into eight separate workflows using an automatic and efficient approach. What should you do?
Answer options
- A. Create eight playbooks, one for each workflow. Configure the triggered playbook to end on an instruction action that tells the analyst to pick a workflow from the playbooks tab and attach that workflow to the alert.
- B. Create eight playbooks, one for each workflow. Create a job that identifies your recently opened cases, applies the needed logic to determine which of the eight workflows should be attached, and attaches that workflow to the alert.
- C. Create a playbook that uses a flow condition. Add four more branches to have a total of five branches and an "Else" branch. On the "Else" branch, include another flow condition. Include the remaining three branches with the logic required.
- D. Create a playbook that uses a Multi-Choice Question flow and a second Multi-Choice Question for the additional answer choices. Add instructions describing which logic to use in the instruction or question fields. Have the analyst select the appropriate answer to move the flow into the right branch.
Correct answer: C
Explanation
The correct answer is C because a flow condition evaluates the branching logic inside a single playbook without analyst involvement: the first flow condition carries five branches plus an "Else" branch, and a second flow condition on the "Else" branch supplies the remaining three branches, giving eight paths in total. The other options are less efficient: A requires manual intervention from analysts, B complicates the process with an extra job, and D relies on analyst input, which may lead to inconsistencies.