Exam Security-Operations-Engineer Topic 5 Question 19 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 19
Topic #: 5
Question #: 19
Topic #: 5
Your company uses Google Security Operations (SecOps) Enterprise and is ingesting various logs. You need to proactively identify potentially compromised user accounts. Specifically, you need to detect when a user account downloads an unusually large volume of data compared to the user's established baseline activity. You want to detect this anomalous data access behavior using the least amount of effort. What should you do?
Suggested Answer: D Vote an answer
The most effective and least effort solution is to enable curated UEBA (User and Endpoint Behavioral Analytics) detection rules in Google SecOps and use the Risk Analytics dashboard.
UEBA automatically establishes user baselines and detects anomalies such as unusually large data downloads, removing the need to manually define thresholds or build custom rules.
UEBA automatically establishes user baselines and detects anomalies such as unusually large data downloads, removing the need to manually define thresholds or build custom rules.
by Noel at Feb 09, 2026, 08:12 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).