PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #99: Real Exam Question with Answer & Explanation
The correct answer is D: Write UDM searches using YARA-L 2.0 syntax to find events where the IP address appears.
Question
You are a security analyst at an organization that uses Google Security Operations (SecOps). You have identified a new IP address that is known to be used by a malicious threat actor to launch network attacks. You need to search for this IP address in Google SecOps using all normalized logs to determine whether any malicious activity has occurred. You want to use the most effective approach. What should you do?
Options
- A. Write a YARA-L 2.0 detection rule that searches for events with the IP address.
- B. Run raw log searches using the IP address as a search term.
- C. On the Alerts & IOCs page, review results and entries where the IP address appears.
- D. Write UDM searches using YARA-L 2.0 syntax to find events where the IP address appears.
Explanation
The most effective way to search across all normalized logs in Google SecOps is a UDM search written in YARA-L 2.0 syntax. Because the logs have already been normalized into UDM, the IP address is matched in a consistent field format across every normalized log source, rather than depending on how each raw log happens to format it.