Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #122
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #122: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to reveal the answer and full explanation for question #122. The question stem and answer options stay visible for context.
Question
You are responsible for identifying suspicious activity and security events at your organization. You have been asked to search in Google Security Operations (SecOps) for network traffic associated with an active HTTP backdoor that runs on TCP port 5555. You want to use the most effective approach to identify traffic originating from the server that is running the backdoor. What should you do?
Options
- ADetect on events where network.ApplicationProtocol is HTTP.
- BDetect on events where target.port is 5555.
- CDetect on events where principal.port is 5555.
- DDetect on events where network.ip_protocol is TCP.
Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER questions. Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.