Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #22
Question
During a proactive threat hunting exercise, you discover that a critical production project has an external identity with a highly privileged IAM role. You suspect that this is part of a larger intrusion, and it is unknown how long this identity has had access. All logs are enabled and routed to a centralized organization-level Cloud Logging bucket, and historical logs have been exported to BigQuery datasets. You need to determine whether any actions were taken by this external identity in your environment. What should you do?
Options
- A. Use Policy Analyzer to identify the resources that are accessible by the external identity. Examine
- B. Analyze VPC Flow Logs exported to BigQuery, and correlate source IP addresses with potential
- C. Analyze IAM recommender insights and Security Command Center (SCC) findings associated
- D. Execute queries against the centralized Cloud Logging bucket and the BigQuery dataset to filter