Exam Security-Operations-Engineer Topic 5 Question 84 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 84
Topic #: 5
Question #: 84
Topic #: 5
Your organization recently implemented Google Security Operations (SecOps) with Applied Threat Intelligence enabled. You were notified by the networking team about potentially anomalous communications to external domains in the last 30 days. You plan to start your threat hunting by looking at communications to external domains. You are ingesting the following logs into Google SecOps:
- Firewall logs
- Proxy logs
- DNS logs
- DHCP logs
What should you do? (Choose two.)
- Firewall logs
- Proxy logs
- DNS logs
- DHCP logs
What should you do? (Choose two.)
Suggested Answer: B,D Vote an answer
Running a UDM search for low-prevalence domains first seen in the last 30 days helps uncover potentially anomalous or malicious domains, since attackers often use newly registered or rarely seen domains for C2 or exfiltration.
Using the Risk Analytics dashboard allows you to identify domains with higher normalized risk scores. Drilling into those entities helps validate whether they are new, rare, or potentially tied to malicious activity.
Using the Risk Analytics dashboard allows you to identify domains with higher normalized risk scores. Drilling into those entities helps validate whether they are new, rare, or potentially tied to malicious activity.
by Sandra at Jan 25, 2026, 08:03 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).