Questions

 

In Google SecOps, assigning the Admins role to a user gives them access to how many SOAR Env’s by default?

 

• All
• 1
• 2
• 3

 

 

Chronicle SIEM had a Legacy RBAC system that was replaced with what GCP technology?

 

• Google Cloud Identity
• Google Workforce Identity Federation
• Cloud IAM
• GMail Access Controls

 

 

Role-based Access Control (RBAC) in Google SecOps provides the ability to administer what two aspects of Google SecOps?

 

• Features and Data
• Threat Intelligence and AI
• People and Entities
• Rules and DataTables

 

 

The Data RBAC feature allows you to create scoped or global data access policies that apply to what kinds of data in Google SecOps

 

• SIEM Search, Detection Rules, Reference Lists, Native Dashboards
• Ontology, Detection Rules. Reference Lists, Native Dashboards
• Entity Graph, Ontology, Detection Rules
• SIEM Search, Ontology, Cases, Detection Rules

 

 

When a scope has been defined and assigned to a user, what is the best way to verify which scopes were assigned?

 

• Navigate to Settings -> SIEM Settings -> Profile and look for assigned Data Access scopes.
• Use the Customer Management API to pull a list of users and their scopes.
• Run a search across all data using Regex and listing the LogTypes provided.
• Refer to the configuration in Workforce Identity Federation or Cloud Identity to see the roles assigned.

 

 

Which of the following data sources can be configured as a Direct ingestion data source?

 

• SCC Findings
• Any log source relayed by Bindplane
• AWS GuardDuty
• Azure Entra ID