PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #114: Real Exam Question with Answer & Explanation
The correct answer is D.
Question
Options
- A. Ingest logs from a domain monitoring service, and build a multi-event rule that correlates the
- B. Build a Google SecOps SOAR playbook that enriches domain entities in alerts with VirusTotal
- C. Build a multi-event rule that correlates the domains found in your NDR logs with WHOIS context
- D. Ingest logs from your threat intelligence platform (TIP), and build a multi-event rule that correlates
Explanation
The most effective and efficient approach is to ingest threat intelligence platform (TIP) logs and build a multi-event rule in Google SecOps that correlates the domains found in your NDR logs with the known malicious domains from your TIP. This narrows the detection scope to high-confidence IOCs, reduces alert noise, and minimizes cost and complexity compared with manual enrichment or an additional monitoring service.