Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #110
Question
You received an IOC from your threat intelligence feed that is identified as a suspicious domain used for command and control (C2). You want to use Google Security Operations (SecOps) to investigate whether this domain appeared in your environment. You want to search for this IOC using the most efficient approach. What should you do?
Options
- A. Run a raw log search to search for the domain string.
- B. Configure a UDM search that queries the DNS section of the network noun.
- C. Enable Group by Field in scan view to cluster events by hostname.
- D. Enter the IOC into the IOC Search feature, and wait for detections with this domain to appear in