Exam Security-Operations-Engineer Topic 4 Question 14 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 14
Topic #: 4
Question #: 14
Topic #: 4
You are a SOC analyst working a case in Google Security Operations (SecOps). The case contains a file hash that your playbooks have automatically enriched with VirusTotal context and categorized as likely malicious. You need to quickly identify devices and users in your organization who have interacted with this file. What should you do?
Suggested Answer: A Vote an answer
The most effective approach is to build a playbook to perform a UDM search matching on the file hash in Google SecOps SIEM. This will automatically search across your ingested telemetry to identify all devices and users that have interacted with the file, accelerating response and investigation without requiring manual intervention.
by Odelia at Mar 29, 2026, 04:35 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).