Exam Security-Operations-Engineer Topic 5 Question 52 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 52
Topic #: 5
You are using Google Security Operations (SecOps) to identify and report a repetitive sequence of brute force SSH login attempts on a Compute Engine image that did not result in a successful login. You need to gain visibility into this activity while minimizing impact on your ingestion quota.
Which log type should you ingest into Google SecOps?

Suggested Answer: A Vote an answer

VPC Flow Logs provide network-level visibility into traffic such as repetitive SSH connection attempts, regardless of login success. Ingesting VPC Flow Logs lets you identify brute force patterns while minimizing ingestion volume, since you don't need full authentication logs or Cloud Audit Logs for unsuccessful login attempts. This approach gives you the necessary insight into SSH brute force activity without high log ingestion costs.

by Vic at Jan 21, 2026, 06:24 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10