
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #96: Real Exam Question with Answer & Explanation

Correct answer: A. Configure a rule exclusion for the network.asset.ip field.

Question

Your organization uses the curated detection rule set in Google Security Operations (SecOps) for high priority network indicators. You are finding a vast number of false positives coming from your on-premises proxy servers. You need to reduce the number of alerts. What should you do?

Options

  • A. Configure a rule exclusion for the network.asset.ip field.
  • B. Configure a rule exclusion for the principal.ip field.
  • C. Configure a rule exclusion for the target.domain field.
  • D. Configure a rule exclusion for the target.ip field.

Explanation

The false positives originate from a known, small set of on-premises proxy servers, so the fix is to stop those specific source addresses from triggering the rule set rather than to weaken the rule set itself. In Google SecOps curated detections, the network.asset.ip field represents the IP address of the internal asset generating the traffic; a rule exclusion on that field, listing only the proxy addresses, suppresses the alerts raised for the proxies while the same indicators still fire for every other host. Excluding on target.ip or target.domain would instead remove the indicator itself from the detection for all assets, which is the opposite of what you want. Before saving the exclusion, open one of the noisy alerts and confirm which UDM field actually carries the proxy address in your data, and keep the exclusion scoped to exactly those IPs or ranges so that a compromised host behind the proxy is not silently hidden along with them.
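The following is an added example, not code from Google SecOps or from this page: a small simulation of how a field-scoped exclusion behaves on UDM-shaped alerts. It assumes, as the explanation above states, that the proxy's own address is carried in network.asset.ip; it further assumes (constructed for illustration) that the originating client behind the proxy appears in principal.ip and that the indicator is in target.ip / target.domain. The detections and the proxy range are constructed sample data, and apply_exclusion is a hypothetical helper, not a SecOps API.

```python
"""Simulate a field-scoped rule exclusion over UDM-shaped detections.

Added example. It is not Google SecOps code; it only models the effect
of excluding a UDM field value from a detection so the choice of field
can be compared. All events and addresses below are constructed.
"""
import ipaddress
from typing import Any

# Constructed: the on-premises proxy range whose alerts are false positives.
PROXY_EXCLUSIONS = ["10.20.30.0/29"]

# Constructed sample detections shaped like UDM events.
# Assumption for this example: network.asset.ip = proxy server itself,
# principal.ip = client behind the proxy, target.* = the matched indicator.
SAMPLE_DETECTIONS = [
    {"id": "det-1",
     "network": {"asset": {"ip": ["10.20.30.2"]}},
     "principal": {"ip": ["192.168.7.15"]},
     "target": {"ip": ["203.0.113.9"], "domain": "indicator.example"}},
    {"id": "det-2",
     "network": {"asset": {"ip": ["10.20.30.3"]}},
     "principal": {"ip": ["192.168.7.16"]},
     "target": {"ip": ["198.51.100.77"]}},
    # A non-proxy host hitting the same indicator: this alert must survive.
    {"id": "det-3",
     "network": {"asset": {"ip": ["192.168.5.40"]}},
     "principal": {"ip": ["192.168.5.40"]},
     "target": {"ip": ["203.0.113.9"], "domain": "indicator.example"}},
]


def get_field(event: dict, path: str) -> list:
    """Resolve a dotted UDM-style path such as 'network.asset.ip' to a list of values.

    Missing segments yield an empty list; scalar leaves are wrapped in a list so
    repeated fields (ip is a list in UDM) and single values are handled alike.
    """
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return []
        node = node[part]
    return node if isinstance(node, list) else [node]


def in_excluded_networks(values: list, networks: list) -> bool:
    """True if any value parses as an IP address inside one of the excluded networks.

    Non-IP values (for example a domain name) never match an IP exclusion.
    """
    for value in values:
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            continue
        if any(addr in net for net in networks):
            return True
    return False


def apply_exclusion(detections: list, field: str, cidrs: list) -> tuple:
    """Return (kept_ids, suppressed_ids) after excluding detections whose
    `field` holds an address inside any of `cidrs`."""
    networks = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    kept, suppressed = [], []
    for det in detections:
        if in_excluded_networks(get_field(det, field), networks):
            suppressed.append(det["id"])
        else:
            kept.append(det["id"])
    return kept, suppressed


if __name__ == "__main__":
    # Compare the four candidate fields from the question on the same data.
    for field in ("network.asset.ip", "principal.ip", "target.domain", "target.ip"):
        kept, suppressed = apply_exclusion(SAMPLE_DETECTIONS, field, PROXY_EXCLUSIONS)
        print(f"{field:18} kept={kept} suppressed={suppressed}")
```

Under these assumptions only the network.asset.ip exclusion suppresses det-1 and det-2 while leaving det-3 (a different internal host reaching the same indicator) intact; the other three fields suppress nothing because the proxy range never appears in them. If your own alerts show the proxy address in a different field, the same filter applied to that field is the one to use.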
