Exam Security-Operations-Engineer Topic 3 Question 2 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 2
Topic #: 3
You are using Google Security Operations (SecOps) to hunt for signs of lateral movement through Remote Desktop Protocol (RDP) in your organization. You suspect that a compromised account was used to access multiple internal systems within a short time window. You want to construct a UDM-based search to identify this activity. How should you build this query? (Choose two.)
Suggested Answer: B,C
Filtering for events using protocol-level attributes that indicate RDP connections ensures that the search specifically targets RDP sessions.
Grouping events by user identity and time allows you to identify repeated access patterns, which is a strong indicator of lateral movement when a single account accesses multiple systems in a short timeframe.
by Bess at Jul 02, 2026, 07:30 AM
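The two steps in the explanation above (filter on RDP protocol attributes, then group by user and time) can be sketched in Python over UDM-shaped records. This is an added example, not part of the original post and not Google SecOps query syntax; the events, the 10-minute window and the three-host threshold are constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 600  # assumption: "short time window" means 10 minutes
MIN_HOSTS = 3         # assumption: distinct targets that count as "multiple systems"

def ev(ts, user, host, port=3389, proto="RDP"):
    """Build a constructed event keyed by UDM field paths."""
    return {"metadata.event_timestamp.seconds": ts,
            "network.application_protocol": proto,
            "target.port": port,
            "principal.user.userid": user,
            "target.hostname": host}

# Constructed sample data, not real telemetry.
EVENTS = [
    ev(1000, "jsmith", "ws-014"),                           # one user, one host
    ev(1030, "svc-backup", "fs01"),
    ev(1100, "svc-backup", "db02"),
    ev(1190, "svc-backup", "hr-ws07"),                      # third host within 160 s
    ev(1200, "svc-backup", "fs01", port=445, proto="SMB"),  # not RDP, filtered out
    ev(1300, "adavis", "ws-020"),
    ev(9000, "adavis", "ws-021"),
    ev(20000, "adavis", "ws-022"),                          # three hosts, hours apart
]

def is_rdp(e):
    """Protocol-level filter: RDP application protocol or the default RDP port."""
    return e.get("network.application_protocol") == "RDP" or e.get("target.port") == 3389

def rdp_fanout(events, window=WINDOW_SECONDS, min_hosts=MIN_HOSTS):
    """Return {user: sorted hosts} for users reaching >= min_hosts distinct
    RDP targets inside any sliding window of `window` seconds."""
    by_user = defaultdict(list)
    for e in events:
        if is_rdp(e):
            by_user[e["principal.user.userid"]].append(
                (e["metadata.event_timestamp.seconds"], e["target.hostname"]))
    hits = {}
    for user, rows in by_user.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            hosts = {h for _, h in rows[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits[user] = sorted(hosts | set(hits.get(user, [])))
    return hits

if __name__ == "__main__":
    print(rdp_fanout(EVENTS))
```

Grouping by user alone would also flag `adavis`; the time window is what separates a burst across hosts from ordinary use spread over hours.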