Exam Security-Operations-Engineer Topic 3 Question 10 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 10
Topic #: 3
Your Google Security Operations (SecOps) instance is generating alerts for unusual login times from multiple user accounts. Your SOC analysts are reporting a high number of the alerts are false positives involving service accounts used by scheduled automation tasks. You want to refine the detection logic using entity-level context available in Google SecOps. You want to use the most effective approach. What should you do?

Suggested Answer: B Vote an answer

The most effective approach is to modify the rule to include the condition principal.user.type !=
"service_account". This directly uses entity-level context to exclude service accounts from triggering alerts for unusual login times, significantly reducing false positives without complex maintenance or manual list management.

by Chad at Feb 10, 2026, 08:25 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10