Google Cloud Professional Security Operations Engineer — Question 21

You are receiving security alerts from multiple connectors in your Google Security Operations (SecOps) instance. You need to identify which IP address entities are internal to your network and label each entity with its specific network name. This network name will be used as the trigger for the playbook. What should you do?

Answer options

• A. Configure each network in the Google SecOps SOAR settings.
• B. Enrich the IP address entities as the initial step of the playbook.
• C. Modify the entity attribute in the alert overview.
• D. Create an outcome variable in the rule to assign the network name.

Correct answer: A

Explanation

The correct answer is A because configuring each network in the Google SecOps SOAR settings allows for proper identification and labeling of internal IP address entities. The other options, while they may provide some level of processing, do not address the need to predefine network names within the SecOps framework for effective playbook triggers.