Exam Security-Operations-Engineer Topic 3 Question 140 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 140
Topic #: 3
Question #: 140
Topic #: 3
You have a close relationship with a vendor who reveals to you privately that they have discovered a vulnerability in their web application that can be exploited in an XSS attack. This application is running on servers in the cloud and on-premises. Before the CVE is released, you want to look for signs of the vulnerability being exploited in your environment. What should you do?
Suggested Answer: A Vote an answer
The correct approach is to create a YARA-L 2.0 rule that detects a sequence of events where an external inbound connection to a server is followed by a process spawning previously unseen subprocesses. This behavior-based detection can identify potential exploitation of the XSS vulnerability in your environment before a CVE is publicly released, without relying on signatures or external threat intelligence.
by Allen at Jul 16, 2026, 08:25 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).