Google Cloud Professional Security Operations Engineer — Question 15

Your organization has recently acquired Company A, which has its own SOC and security tooling. You have already configured ingestion of Company A's security telemetry and migrated their detection rules to Google Security Operations (SecOps). You now need to enable Company A's analysts to work their cases in Google SecOps. You need to ensure that Company A's analysts: do not have access to any case data originating from outside of Company A. are able to re-purpose playbooks previously developed by your organization's employees.
You need to minimize effort to implement your solution. What is the first step you should take?

Answer options

• A. Acquire a second Google SecOps SOAR tenant for Company A.
• B. Provision a new service account for Company A.
• C. Define a new SOC role for Company A.
• D. Create a Google SecOps SOAR environment for Company A.

Correct answer: D

Explanation

The correct answer is D because creating a dedicated Google SecOps SOAR environment for Company A allows you to set up a separate workspace that ensures their analysts only access their relevant case data. Options A and B do not directly address the requirement for a separate environment, while option C does not provide the necessary isolation for case data.