Exam Security-Operations-Engineer Topic 5 Question 142 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 142
Topic #: 5
You are planning log onboarding for a Google Security Operations (SecOps) SIEM deployment in a cloud-heavy enterprise environment. The detection engineering team is requesting log sources that support visibility into:
- User identity behavior
- Lateral movement
- Privilege escalation attempts
You need to determine which telemetry sources are ingested first. Which log source should you prioritize?

Suggested Answer: B Vote an answer

EDR (Endpoint Detection and Response) logs should be prioritized because they provide direct visibility into user identity behavior, lateral movement, and privilege escalation attempts on endpoints. These logs capture process execution, authentication events, and anomalous activities, which are critical for early detection of threats before other systems, such as CASB or network firewalls, report related events.

by Maxine at Jan 04, 2026, 05:44 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10