🔥 3-day streak
Professional Security Operations Engineer89 / 241
Question 89 of 241

Your SOC is deploying a Google SecOps SOAR playbook that automatically quarantines Compute Engine instances flagged by high-severity Cloud IDS detections. The playbook must call the Compute Engine API to apply firewall tags but should never be able to delete instances or modify IAM policies. During review, the security architect insists the automation follow least-privilege principles while remaining functional for the quarantine action. How should you configure the integration's credentials?

Reviewed for accuracy · Report an issueNext question