
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #14

PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #14: Real Exam Question with Answer & Explanation

The correct answer is B: Query for hostnames in UDM Search and filter the results by user.

Question

You are using Google Security Operations (SecOps) to investigate suspicious activity linked to a specific user. You want to identify all assets the user has interacted with over the past seven days to assess potential impact. You need to understand the user's relationships to endpoints, service accounts, and cloud resources. How should you identify user-to-asset relationships in Google SecOps?

Options

  • A. Use the Raw Log Scan view to group events by asset ID.
  • B. Query for hostnames in UDM Search and filter the results by user.
  • C. Generate an ingestion report to identify sources where the user appeared in the last seven days.
  • D. Run a retrohunt to find rule matches triggered by the user.

Explanation

The correct approach is to query UDM Search for hostnames (or other asset identifiers) and filter results by the specific user. UDM normalizes logs into a common schema, allowing you to trace the user's interactions across endpoints, service accounts, and cloud resources within the seven-day window. This provides a comprehensive view of user-to-asset relationships for impact
