🔥 3-day streak
Professional Security Operations Engineer125 / 241
Question 125 of 241
During an active incident, a Google SecOps SOAR playbook executes a multi-step containment sequence against a compromised workload: (1) disable the associated GCP service account key, (2) apply a deny-all firewall rule to the VM, and (3) revoke the user's active OAuth sessions. Step 1 and step 2 succeed, but step 3 fails because the identity provider API times out. The playbook halts. The on-call engineer must decide how the playbook should be designed to handle this partial-failure state. Which design choice best preserves incident response integrity?
Reviewed for accuracy · Report an issueNext question