Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #29
Question
You have been tasked with creating a YARA-L detection rule in Google Security Operations (SecOps). The rule should identify when an internal host initiates a network connection to an external IP address that the Applied Threat Intelligence Fusion Feed associates with indicators attributed to a specific Advanced Persistent Threat 41 (APT41) threat group. You need to ensure that the external IP address is flagged if it has a documented relationship to other APT41 indicators within the Fusion Feed. How should you configure this YARA-L rule?
Options
- A. Configure the rule to detect outbound network connections to the external IP address. Create a
- B. Configure the rule to establish a join between the live network connection event and Fusion Feed
- C. Configure the rule to check whether the external IP address from the network connection event
- D. Configure the rule to trigger when the external IP address from the network connection event