Exam Security-Operations-Engineer Topic 5 Question 84 Discussion

Actual exam question for Google's Security-Operations-Engineer exam
Question #: 84
Topic #: 5
Your organization recently implemented Google Security Operations (SecOps) with Applied Threat Intelligence enabled. You were notified by the networking team about potentially anomalous communications to external domains in the last 30 days. You plan to start your threat hunting by looking at communications to external domains. You are ingesting the following logs into Google SecOps:
- Firewall logs
- Proxy logs
- DNS logs
- DHCP logs
What should you do? (Choose two.)

Suggested Answer: B,D Vote an answer

Running a UDM search for low-prevalence domains first seen in the last 30 days helps uncover potentially anomalous or malicious domains, since attackers often use newly registered or rarely seen domains for C2 or exfiltration.
Using the Risk Analytics dashboard allows you to identify domains with higher normalized risk scores. Drilling into those entities helps validate whether they are new, rare, or potentially tied to malicious activity.

by Sandra at Jan 25, 2026, 08:03 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10