Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #103
Question
You are implementing Google Security Operations (SecOps) for your organization. Your organization has its own threat intelligence feed, which has been ingested into Google SecOps by using a native integration with a Malware Information Sharing Platform (MISP). You are working on the following detection rule to leverage the command and control (C2) indicators that were ingested into the entity graph. What code should you add in the detection rule to filter for the domain IOCs?
Exhibit
Options
- A. $ioc.graph.metadata.entity_type = "DOMAIN_NAME"
- B. $ioc.graph.metadata.entity_type = "DOMAIN_NAME"
- C. $ioc.graph.metadata.entity_type = "DOMAIN_NAME"
- D. $ioc.graph.metadata.entity_type = "DOMAIN_NAME"
