Exam Security-Operations-Engineer Topic 5 Question 19 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 19
Topic #: 5
Your company uses Google Security Operations (SecOps) Enterprise and is ingesting various logs. You need to proactively identify potentially compromised user accounts. Specifically, you need to detect when a user account downloads an unusually large volume of data compared to the user's established baseline activity. You want to detect this anomalous data access behavior using the least amount of effort. What should you do?

Suggested Answer: D Vote an answer

The most effective and least effort solution is to enable curated UEBA (User and Endpoint Behavioral Analytics) detection rules in Google SecOps and use the Risk Analytics dashboard.
UEBA automatically establishes user baselines and detects anomalies such as unusually large data downloads, removing the need to manually define thresholds or build custom rules.

by Noel at Feb 09, 2026, 08:12 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10