Exam Security-Operations-Engineer Topic 4 Question 134 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 134
Topic #: 4
You are responsible for identifying suspicious activity and security events at your organization.
You have been asked to search in Google Security Operations (SecOps) for network traffic associated with an active HTTP backdoor that runs on TCP port 5555. You want to use the most effective approach to identify traffic originating from the server that is running the backdoor. What should you do?
Suggested Answer: C
The backdoor is running on TCP port 5555 on the server, meaning the server is the source of the traffic. In Google Security Operations (SecOps), the field principal.port represents the source port of the traffic, while target.port represents the destination. Since you want to identify traffic originating from the compromised server, filtering on principal.port = 5555 is the most effective approach.
by Winni at Jul 03, 2026, 08:07 AM