Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #5
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #5: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to reveal the answer and full explanation for question #5. The question stem and answer options stay visible for context.
Question
Your company uses Security Command Center (SCC) and Google Security Operations (SecOps). Last week, an attacker attempted to establish persistence by generating a key for an unused service account. You need to confirm that you are receiving alerts when keys are created for unused service accounts and that newly created keys are automatically deleted. You want to minimize the amount of manual effort required. What should you do?
Options
- AGenerate a YARA-L rule in Google SecOps that detects when a service account key is created.
- BUse the Initial Access: Dormant Service Account Key Created finding from SCC, and ingest this
- CConfigure a Cloud Logging sink to write logs to a Pub/Sub topic that filters for the methodName:
- DUse the Initial Access: Dormant Service Account Key Created finding from SCC, and write this
Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER questions. Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.