🔥 3-day streak
Professional Security Operations Engineer87 / 241
Question 87 of 241
A security operations team runs Google SecOps as their primary detection platform, with SCC forwarding findings and GTI enriching indicators. After a phishing campaign, analysts complain they spend excessive manual time triaging alerts: pulling context from GTI, checking asset criticality in SCC, and executing repetitive containment steps like disabling accounts. Leadership wants to reduce mean time to respond without adding new detection tools. Which platform capability should the engineer configure to address this operational gap?
Reviewed for accuracy · Report an issueNext question