You are a SOC manager at an organization that recently implemented Google Security Operations (SecOps). You need to monitor your organization's data ingestion health in Google SecOps. Data is ingested with Bindplane collection agents. You want to configure the following:
* Receive a notification when data sources go silent within 15 minutes.
* Visualize ingestion throughput and parsing errors.
What should you do?
Correct Answer: D
Comprehensive and Detailed Explanation
The correct solution is Option D. This approach uses the integrated Google Cloud-native tools for both monitoring and alerting. Google Security Operations (SecOps) automatically streams all ingestion metrics to Google Cloud Monitoring. This includes metrics for throughput (e.g., chronicle.googleapis.com/ingestion/event_count, chronicle.googleapis.com/ingestion/byte_count), parsing errors (e.g., chronicle.googleapis.com/ingestion/parse_error_count), and the health of collection agents (e.g., chronicle.googleapis.com/ingestion/last_seen_timestamp).
* Receive a notification (15 minutes): The Data Ingestion and Health dashboard (Option A) is for visualization, and its "reports" are scheduled summaries, not real-time alerts. The only way to get a 15-minute notification is to use Cloud Monitoring. An alerting policy can be configured to trigger when a "metric absence" is detected for a specific collection agent's last_seen_timestamp, fulfilling the "silent source" requirement.
* Visualize metrics: Cloud Monitoring also provides a dashboarding service. A Cloud Monitoring dashboard can be built to graph all the necessary metrics (throughput, parsing errors, and agent status) in one place.
Option C is incorrect because it suggests using the Bindplane Observability Pipeline, which is a separate product. Option B is incorrect because Risk Analytics is for threat detection (UEBA), not platform health.

Exact Extract from Google Security Operations Documents:
Use Cloud Monitoring for ingestion insights: Google SecOps uses Cloud Monitoring to send the ingestion notifications. Use this feature for ingestion notifications and ingestion volume viewing.
Set up a sample policy to detect silent Google SecOps collection agents:
* In the Google Cloud console, select Monitoring.
* Click Create Policy.
* On the Select a metric page, select Chronicle Collector > Ingestion > Total ingested log count.
* In the Transform data section, set the Time series group by to collector_id.
* Click Next.
* Select Metric absence and set the Trigger absence time (e.g., 15 minutes).
* In the Notifications and name section, select a notification channel.
You can also create custom dashboards in Cloud Monitoring to visualize any of the exported metrics, such as Total ingested log size or Total record count (for parsing).

References:
* Google Cloud Documentation: Google Security Operations > Documentation > Ingestion > Use Cloud Monitoring for ingestion insights
* Google Cloud Documentation: Google Security Operations > Documentation > Ingestion > Silent-host monitoring > Use Google Cloud Monitoring with ingestion labels for SHM
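The console steps above describe a Cloud Monitoring "metric absence" alerting policy grouped by collector_id. The following is an added example, not part of the exam page and not Google's own code: it builds the equivalent REST AlertPolicy body that the console steps produce, and then replays the same absence rule locally over constructed sample data points so you can see which collector would trigger the alert. The page only names the metric by its console label ("Total ingested log count"), so the metric type, resource type, the `resource.label.collector_id` group-by field, the project id and the notification channel id used here are assumptions.

```python
"""Added example: Cloud Monitoring metric-absence policy for silent
Google SecOps collectors, plus a local replay of the absence rule.
Not code from the exam page or from Google; identifiers marked as
assumptions are placeholders, not verified API values."""
from datetime import datetime, timedelta, timezone

# Assumed identifiers: the page gives only the console label
# "Chronicle Collector > Ingestion > Total ingested log count".
METRIC_TYPE = "chronicle.googleapis.com/ingestion/log/record_count"  # assumption
RESOURCE_TYPE = "chronicle.googleapis.com/Collector"                # assumption
GROUP_BY_LABEL = "resource.label.collector_id"                      # assumption
SILENT_AFTER = timedelta(minutes=15)  # the 15-minute requirement from the question


def build_silent_collector_policy(project_id: str, channel_id: str) -> dict:
    """Return an AlertPolicy body mirroring the console steps: select the
    metric, group time series by collector_id, choose Metric absence with a
    15-minute trigger, and attach one notification channel."""
    return {
        "displayName": "Google SecOps collector silent for 15 minutes",
        "combiner": "OR",
        "conditions": [{
            "displayName": "No ingested log count per collector_id",
            "conditionAbsent": {
                "filter": (f'metric.type="{METRIC_TYPE}" '
                           f'resource.type="{RESOURCE_TYPE}"'),
                "aggregations": [{
                    "alignmentPeriod": "300s",
                    "perSeriesAligner": "ALIGN_SUM",
                    "crossSeriesReducer": "REDUCE_SUM",
                    # one series per collector, so each agent alerts separately
                    "groupByFields": [GROUP_BY_LABEL],
                }],
                # Trigger absence time: no point for this long raises the alert
                "duration": f"{int(SILENT_AFTER.total_seconds())}s",
                "trigger": {"count": 1},
            },
        }],
        "notificationChannels": [
            f"projects/{project_id}/notificationChannels/{channel_id}"
        ],
    }


def silent_collectors(points, now: datetime, window: timedelta = SILENT_AFTER) -> dict:
    """Local replay of the absence rule. `points` is an iterable of
    (collector_id, timestamp, count) samples of the ingested-log-count
    metric. Returns {collector_id: whole minutes silent} for every collector
    whose newest sample is older than `window`. A sample with count 0 still
    counts as presence, which matches how metric absence works: the alert is
    about missing points, not low values."""
    last_seen = {}
    for collector_id, ts, _count in points:
        if collector_id not in last_seen or ts > last_seen[collector_id]:
            last_seen[collector_id] = ts
    return {
        collector_id: int((now - ts).total_seconds() // 60)
        for collector_id, ts in sorted(last_seen.items())
        if now - ts > window
    }


# Constructed sample data: (collector_id, sample time, ingested log count).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_POINTS = [
    ("bindplane-dc01", NOW - timedelta(minutes=3), 120),
    ("bindplane-dc01", NOW - timedelta(minutes=8), 95),
    ("bindplane-fw-edge", NOW - timedelta(minutes=42), 10),
    ("bindplane-fw-edge", NOW - timedelta(minutes=47), 12),
    ("bindplane-proxy", NOW - timedelta(minutes=15), 0),  # exactly at the edge
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_silent_collector_policy("demo-project", "42"), indent=2))
    print("silent collectors:", silent_collectors(SAMPLE_POINTS, NOW))
```

Write the generated body to a file and it can be applied with `gcloud alpha monitoring policies create --policy-from-file=FILE`; the local replay only illustrates the rule and is not how Cloud Monitoring evaluates it. Note that a collector whose last point is exactly 15 minutes old is not yet flagged; the alert fires once the silence exceeds the configured duration.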