Your organization has recently acquired Company A, which has its own SOC and security tooling. You have already configured ingestion of Company A's security telemetry and migrated their detection rules to Google Security Operations (SecOps). You now need to enable Company A's analysts to work their cases in Google SecOps. You need to ensure that Company A's analysts: do not have access to any case data originating from outside of Company A. are able to re-purpose playbooks previously developed by your organization's employees.

You need to minimize effort to implement your solution. What is the first step you should take?

You have identified and isolated a new malware sample installed by an advanced threat group that you believe was developed specifically for an attack against your organization. You want to quickly and efficiently analyze this malware to get IOCs without alerting the threat group. What should you do?

Your organization uses Cloud Identity as their identity provider (IdP) and is a Google Security Operations (SecOps) customer You need to grant a group of users access to the Google SecOps instance with read-only access to all resources, including detection engine rules. How should this be configured?

Your team is responsible for cybersecurity for a large multinational corporation. You have been tasked with identifying unknown command and control nodes (C2s) that are potentially active in your organization's environment. You need to generate a list of potential matches within the next 24 hours. What should you do?

You received an alert from Container Threat Detection that an added binary has been executed in a business critical workload. You need to investigate and respond to this incident. What should you do? (Choose two.)