Questions

 

In Google SecOps, UDM is a schema that applies structure to the data for faster search and enrichment among many other benefits. What does UDM stand for?

 

• Universal Data Model
• Unified Data Management
• Unified Data Model
• Universal Data Management

 

 

UDM Grouped fields provide a shortcut for searching across multiple UDM fields of similar data type. Which of the following are 3 of the 9 grouped fields?

 

• domain, source, time
• domain, email, file path
• namespace, file path, date
• time, destination, path

 

 

UDM and Data Parsing allow Google SecOps to provide rich contextual data to events. How can one tell when data isn enriched in the Google SecOps interface?

 

• Enriched fields are not displayed until they are present in a case.
• The enriched fields are the only fields displayed.
• The enriched fields are annotated with an ‘E’
• Enriched fields are created with the outcome section of an alert.

 

 

Google SecOps can accept and reference data that describes objects such as devices, users, machines, and file hashes. How can that dat a be used in YARA-L based Threat Detection?

 

• Using the entity graph syntax
• preprending ‘e’ to the field name
• referencing functions that use Google Threat Intel
• Using a join from an external database

 

 

What is the name of the API that enables users to create and manage rules?

 

• Detection Engine API
• Ingestion API
• Threat Rule API
• Alert API

 

 

The Google SecOps search interface provides two methods to search data. What are they?

 

• Raw and Event
• Event and Entity
• Raw and Alerts
• Raw and UDM