🔥 3-day streak
Professional Security Operations Engineer25 / 241
Question 25 of 241
Your organization has just onboarded a tier-1 SOC team into Google SecOps. These analysts must triage alerts, run UDM searches, and add comments to cases, but company policy forbids them from modifying detection rules, altering data ingestion settings, or exporting bulk log data. A junior engineer proposes granting the team the 'Chronicle API Admin' IAM role to ensure they have enough access to work efficiently. As the security operations engineer reviewing this request, what is the most appropriate action?
Reviewed for accuracy · Report an issueNext question