Exam Security-Operations-Engineer Topic 3 Question 140 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 140
Topic #: 3
You have a close relationship with a vendor who reveals to you privately that they have discovered a vulnerability in their web application that can be exploited in an XSS attack. This application is running on servers in the cloud and on-premises. Before the CVE is released, you want to look for signs of the vulnerability being exploited in your environment. What should you do?

Suggested Answer: A Vote an answer

The correct approach is to create a YARA-L 2.0 rule that detects a sequence of events where an external inbound connection to a server is followed by a process spawning previously unseen subprocesses. This behavior-based detection can identify potential exploitation of the XSS vulnerability in your environment before a CVE is publicly released, without relying on signatures or external threat intelligence.

by Allen at Jul 16, 2026, 08:25 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10