Topic 1 Question 248
During a routine security review, your team discovered a suspicious login attempt to impersonate a highly privileged but regularly used service account by an unknown IP address. You need to effectively investigate in order to respond to this potential security incident. What should you do?
A. Enable Cloud Audit Logs for the resources that the service account interacts with. Review the logs for further evidence of unauthorized activity.
B. Review Cloud Audit Logs for activity related to the service account. Focus on the time period of the suspicious login attempt.
C. Run a vulnerability scan to identify potentially exploitable weaknesses in systems that use the service account.
D. Check Event Threat Detection in Security Command Center for any related alerts. Cross-reference your findings with Cloud Audit Logs.
Comments (5)
- Option believed to be correct: B
Question does not say that SCC is enabled, does it?
👍 3 dv1 2024/10/19
- Option believed to be correct: D
D. Check Event Threat Detection in Security Command Center for any related alerts. Cross-reference your findings with Cloud Audit Logs.
Explanation:
Security Command Center (SCC) is Google Cloud's security and risk management platform. Event Threat Detection within SCC is specifically designed to detect suspicious activity, such as unauthorized logins, and generates alerts based on predefined threat patterns. This tool would help you quickly identify if the suspicious login attempt is part of a known threat pattern. After checking for alerts in Event Threat Detection, cross-referencing with Cloud Audit Logs will give you detailed insights into the actions performed by the service account, allowing you to investigate the extent of any potential breach.
👍 21e22522 2024/09/08
- Option believed to be correct: D
I think it's D.
👍 1 yokoyan 2024/09/05