SecOps SOAR integration with SCC uses a service account with read access at the org level. Actions to update finding states fail due to permission issues. Which least-privilege change should you implement?

Multiple Choice

Explanation:
The main idea is granting the minimal permission needed to update findings in Security Command Center. To change a finding’s state, the service account must have write access to findings. The findingsEditor role provides the necessary ability to edit findings (including updating their state) at the org level, which is the smallest permission set that enables the required action across the organization. Granting this at the org level gives the needed access without adding broader or unrelated capabilities.

The bulk mute editor role is too narrow for this task; it focuses on muting findings in bulk and may not cover general state updates. The other options aren’t about finding permissions at all—they deal with identity management or credentials, not the ability to modify findings.
