PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #130: Real Exam Question with Answer & Explanation

The correct answer is A. Write a rule in Google Security Operations (SecOps) that scans historic network outbound

Question

Your team is responsible for cybersecurity for a large multinational corporation. You have been tasked with identifying unknown command and control nodes (C2s) that are potentially active in your organization's environment. You need to generate a list of potential matches within the next 24 hours. What should you do?

Options

  • A. Write a rule in Google Security Operations (SecOps) that scans historic network outbound
  • B. Load network records into BigQuery to identify endpoints that are communicating with domains
  • C. Review Security Health Analytics (SHA) findings in Security Command Center (SCC).
  • D. Write a YARA-L rule in Google Security Operations (SecOps) that compares network traffic of

Explanation

The fastest and most effective way to identify unknown C2 nodes within 24 hours is to write a detection rule in Google SecOps that compares historic outbound connections against ingested threat intelligence, then run it as a retrohunt across the full tenant. Retrohunt enables rapid scanning of past telemetry at scale to surface potential matches without waiting for new events to
