Exam Security-Operations-Engineer Topic 5 Question 2 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 2
Topic #: 5
You are building a detection rule in Google Security Operations (SecOps) to alert on requests to potentially malicious domains. You are planning to use the logs from your network detection and response (NDR) solution but you need to reduce noise and narrow the scope of detections. You want to minimize cost and deploy the solution quickly. What should you do?

Suggested Answer: D Vote an answer

The most effective and efficient approach is to ingest threat intelligence platform (TIP) logs and build a multi-event rule in Google SecOps that correlates domains found in your NDR logs with your TIP's known malicious domains. This method quickly narrows detection scope to high- confidence IOCs, reduces noise, and minimizes cost and complexity compared to manual enrichment or additional monitoring services.

by Donna at Apr 16, 2026, 03:31 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10