Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #79
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #79: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to reveal the answer and full explanation for question #79. The question stem and answer options stay visible for context.
Question
You are using Google Security Operations (SecOps) to hunt for signs of lateral movement through Remote Desktop Protocol (RDP) in your organization. You suspect that a compromised account was used to access multiple internal systems within a short time window. You want to construct a UDM-based search to identify this activity. How should you build this query? (Choose two.)
Options
- AFilter for RDP connections with non-standard ports.
- BFilter for events using protocol-level attributes that indicate RDP connections.
- CGroup events by user identity and time to identify repeated access patterns.
- DCorrelate events based on the asset role or classification such as database or user workstation.
- EUse a saved search to identify all events with the LATERAL_MOVEMENT tag over the past 30
Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER questions. Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.