PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #13: Real Exam Question with Answer & Explanation

The correct answer is D.

Question

Your company wants to enhance its detection capabilities to prevent insider threat incidents. You need to be alerted when a privileged Google Group is modified to allow access to the general public. You need to identify and enable the optimal log source, and configure the alert. What should you do?

Options

  • A. Enable Google Drive log events. Create a reporting rule that triggers when a file sharing event
  • B. Enable VPC Flow Logs for the default VPC network. Configure a log-based alert in Cloud Logging
  • C. Enable IAM Admin Activity audit logs, and export the logs to Google Security Operations
  • D. Enable data sharing for Google Workspace Admin Audit logs, and ensure that Event Threat

Explanation

To detect insider threats involving Google Group privilege modifications, you need Google Workspace Admin Audit logs, which capture group membership and sharing changes. By enabling data sharing of these logs with Security Command Center (SCC) and ensuring Event Threat Detection (ETD) is enabled, SCC will automatically generate findings for risky modifications, such as making a privileged group publicly accessible. This provides the optimal log source and automated alerting with minimal effort.
