PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #6: Real Exam Question with Answer & Explanation
The correct answer is B. Sink the logs to BigQuery, and configure Cloud Run functions to execute a periodic job and
Question
Options
- A. Send the logs to Cloud SQL, and run a scheduled query against these events using a Cloud Run
- B. Sink the logs to BigQuery, and configure Cloud Run functions to execute a periodic job and
- C. Use log-based metrics to generate event-driven alerts for the detection scenarios. Configure a
- D. Create a series of aggregated log sinks for each required finding, and send the normalized
Explanation
The correct approach is to sink logs to BigQuery, where you can perform windowing and advanced aggregations over time. Then, use Cloud Run functions to periodically query BigQuery and generate normalized alerts published to a Pub/Sub topic. From there, alerts can be written back into SCC as findings via the SCC API, giving analysts a central interface for triage. This architecture supports large-scale environments, advanced calculations, and efficient integration