GCP-PSOE
Threat hunting
medium
Question 5 of 35

A SOC wants to prioritize triage by organizational threat rather than by arrival time. Which workflow aligns with the Google SecOps investigation guidance?

AReview alerts chronologically only
BCopy the asset or username from the alert and pivot to Risk Analytics to review the entity risk score
CSuppress all low-severity alerts first
DCreate a new parser extension

More Threat hunting Questions

35 questions

Full Google Professional Security Operations Engineer Practice Test

All topics covered

All Google Professional Security Operations Engineer Questions

Browse by topic

Related Questions

In Google SecOps search, what does the grouped field ip do?...

easy

What is the purpose of watchlists in Google SecOps Risk Analytics?...

easy

An analyst wants to discover which UDM field contains a specific text value before writing a search ...

easy

An alert shows only a suspicious file hash and no direct asset identifier. What is the best next ste...

medium

An investigator needs to understand how a high-risk alert spread across related systems and accounts...

medium
View all Threat hunting questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account