Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #11
Question
Your company uses Google Security Operations (SecOps) Enterprise and is ingesting various logs. You need to proactively identify potentially compromised user accounts. Specifically, you need to detect when a user account downloads an unusually large volume of data compared to the user's established baseline activity. You want to detect this anomalous data access behavior using the least amount of effort. What should you do?
Options
- A. Inspect Security Command Center (SCC) default findings for data exfiltration in Google SecOps.
- B. Create a log-based metric in Cloud Monitoring, and configure an alert to trigger if the data
- C. Develop a custom YARA-L detection rule in Google SecOps that counts download bytes per user
- D. Enable curated detection rules for User and Endpoint Behavioral Analytics (UEBA), and use the