Exam Security-Operations-Engineer Topic 5 Question 142 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 142
Topic #: 5
Question #: 142
Topic #: 5
You are planning log onboarding for a Google Security Operations (SecOps) SIEM deployment in a cloud-heavy enterprise environment. The detection engineering team is requesting log sources that support visibility into:
- User identity behavior
- Lateral movement
- Privilege escalation attempts
You need to determine which telemetry sources are ingested first. Which log source should you prioritize?
- User identity behavior
- Lateral movement
- Privilege escalation attempts
You need to determine which telemetry sources are ingested first. Which log source should you prioritize?
Suggested Answer: B Vote an answer
EDR (Endpoint Detection and Response) logs should be prioritized because they provide direct visibility into user identity behavior, lateral movement, and privilege escalation attempts on endpoints. These logs capture process execution, authentication events, and anomalous activities, which are critical for early detection of threats before other systems, such as CASB or network firewalls, report related events.
by Maxine at Jan 04, 2026, 05:44 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).