Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #49: Real Exam Question with Answer & Explanation
Question
You are conducting a proactive threat hunt in Google Security Operations (SecOps). You observe multiple login events with the same principal.user.userid field that originate from different countries within a short time window. You need to validate whether the account has been compromised. What should you do?
Options
- A. Use the entity graph to correlate the user's risk score with linked assets, and review any active
- B. Perform a YARA-L 2.0 search for login events and their associated principal.location.country field.
- C. Perform a UDM search for login events, and pivot to group results by user and country of origin.
- D. Run a YARA-L retrohunt rule that detects users who are logging in from multiple regions using