Exam Security-Operations-Engineer Topic 5 Question 78 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 78
Topic #: 5
Your organization uses Google Security Operations (SecOps). You discover frequent file downloads from a shared workspace within a short time window. You need to configure a rule in Google SecOps that identifies these suspicious events and assigns higher risk scores to repeated anomalies. What should you do?

Suggested Answer: B Vote an answer

The correct approach is to create a frequency-based YARA-L detection rule in Google SecOps.
Frequency-based rules allow you to detect repeated suspicious behavior, such as multiple file downloads within a short time window, and assign higher risk outcome scores accordingly. This ensures anomalies are prioritized based on their frequency and severity, rather than flagging isolated single events.

by Beatrice at Feb 08, 2026, 12:00 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10