Google Cloud Professional Security Operations Engineer — Question 28
You are responsible for selecting and prioritizing potential sources of data to integrate with Google Security Operations (SecOps). Your company has recently started using several Google Cloud services to increase security in its Google Cloud organization. You need to determine which logs should be ingested into Google SecOps to reduce the effort required to write detections. What should you do?
Answer options
- A. Ingest Google Cloud Armor logs by using Cloud Logging.
- B. Deploy a Bindplane agent to ingest event logs from Compute Engine VMs that provide endpoint visibility.
- C. Integrate Security Command Center (SCC) into Google SecOps to ingest logs originating from the Google Cloud services.
- D. Use Google Threat Intelligence to gain insight about threat group behavior and support threat hunting activities.
Correct answer: C
Explanation
The correct answer is C because integrating Security Command Center into Google SecOps allows for the ingestion of various logs from Google Cloud services, enhancing security visibility and detection capabilities. Option A is incorrect because it focuses on the logs of one specific service. Option B is incorrect because it deploys an agent for endpoint visibility rather than providing central log management. Option D, although useful for threat hunting, does not address the need for log ingestion into SecOps.