🔥 3-day streak
Professional Security Operations Engineer95 / 241
Question 95 of 241
During an active incident, a Google SecOps SOAR playbook is triggered by a case involving a compromised Compute Engine VM showing signs of cryptomining and possible credential theft. Your IR team wants automation to contain the threat, but the incident may require legal follow-up and root cause analysis. Which sequencing of automated playbook actions best balances containment with the need for later forensic investigation?
Reviewed for accuracy · Report an issueNext question