🔥 3-day streak
Professional Security Operations Engineer123 / 241
Question 123 of 241
During a phishing incident, a Google SecOps SOAR playbook automatically disables the compromised user's account, revokes active sessions, and quarantines the reported email. A transient API timeout causes the playbook to fail midway and the auto-retry logic re-executes the entire action block. Analysts later discover the retry generated duplicate ServiceNow tickets and repeated notification emails, though the account was already disabled. What is the most effective design change to prevent this class of problem in future playbook runs?
Reviewed for accuracy · Report an issueNext question