Google Cloud Professional Security Operations Engineer — Question 22

You are responsible for managing threat intelligence and IOC lists in your organization. You have compiled a list of IOCs from recent incidents. You want to quickly and efficiently share the IOCs with other teams for collaboration and integration into their operational processes. What should you do?

Answer options

• A. Create a list in Google Security Operations (SecOps), and grant the required access to the other teams.
• B. Export the IOCs from Google Threat Intelligence in CSV or JSON format, and email the file to the other teams.
• C. Add the IOCs to a collection in Google Threat Intelligence, and share the collection with the other teams.
• D. Create a new threat graph in Google Threat Intelligence, and share the graph with the other teams.

Correct answer: C

Explanation

The correct answer is C because sharing a collection in Google Threat Intelligence allows for efficient collaboration and integration, ensuring all teams have access to the same up-to-date information. Option A is not ideal as it uses Google SecOps, which may not be the best tool for sharing IOCs. Option B, while it shares the IOCs, is less efficient due to the need for email and potential version control issues. Option D, creating a new threat graph, may be more complex than necessary for simply sharing IOCs.