Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #57: Real Exam Question with Answer & Explanation
Question
You are ingesting and parsing logs from an SSO provider and an on-premises appliance using Google Security Operations (SecOps). Users are tagged as "restricted" by an internal process. Restrictions last five days from the most recent flagging time. You need to create a rule to detect when restricted users log into the appliance. Your solution must be quickly implemented and easily maintained. What should you do?
Options
- A. Use a Google SecOps SOAR global context value to store a list of flagged users with their
- B. Store the identifiers of the flagged users in the detection rule logic. Actively monitor for newly
- C. Ingest the user flags as custom enrichment data using a feed. Use a multi-event detection rule to
- D. Store the flagged users in a data table column with their corresponding time to live values in a