
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #107: Real Exam Question with Answer & Explanation

The correct answer is C: Add the server to a Google Security Operations (SecOps) watchlist, and monitor the watchlist.

Question

You observe several distinct, low-severity suspicious activities associated with a single internal server. You determine that no single event is a high-confidence IOC. You need to create a solution that ensures ongoing and heightened scrutiny for this server. What should you do?

Options

  • A. Schedule a daily Google Security Operations (SecOps) report detailing all activity on this server.
  • B. Develop a YARA-L detection rule specific to this server.
  • C. Add the server to a Google Security Operations (SecOps) watchlist, and monitor the watchlist.
  • D. Create a case, isolate the server from the network, and escalate the case for forensic

Explanation

The best approach is to add the server to a Google SecOps watchlist and monitor it closely. This allows you to continuously scrutinize the server for future suspicious activity, without overreacting or escalating prematurely, ensuring that any escalation is data-driven and based on accumulating
