
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #54: Real Exam Question with Answer & Explanation

The correct answer is C. Search for the external IP address in the Alerts & IOCs page in Google SecOps. The fastest way to gather context and assess the reputation of the unfamiliar external IP is to search for the IP in the Alerts & IOCs page in Google SecOps. This page integrates with Google Threat Intelligence and enrichment data, allowing you to quickly evaluate whether the IP

Question

Your organization has mission-critical production Compute Engine VMs that you monitor daily. While performing a UDM search in Google Security Operations (SecOps), you discover several outbound network connections from one of the production VMs to an unfamiliar external IP address occurring over the last 48 hours. You need to use Google SecOps to quickly gather more context and assess the reputation of the external IP address. What should you do?

Options

  • A. Examine the Google SecOps Asset view details for the production VM.
  • B. Create a new detection rule to alert on future traffic from the external IP address.
  • C. Search for the external IP address in the Alerts & IOCs page in Google SecOps.
  • D. Perform a UDM search to identify the specific user account that was logged into the production

Explanation

The fastest way to gather context and assess the reputation of the unfamiliar external IP is to search for the IP in the Alerts & IOCs page in Google SecOps. This page integrates with Google Threat Intelligence and enrichment data, allowing you to quickly evaluate whether the IP is malicious and see any related alerts or indicators in your environment.
