Google Cloud Professional Cloud Security Engineer — Question 298
During a routine security review, your team discovered a suspicious login attempt to impersonate a highly privileged but regularly used service account by an unknown IP address. You need to effectively investigate in order to respond to this potential security incident. What should you do?
Answer options
- A. Enable Cloud Audit Logs for the resources that the service account interacts with. Review the logs for further evidence of unauthorized activity.
- B. Review Cloud Audit Logs for activity related to the service account. Focus on the time period of the suspicious login attempt.
- C. Run a vulnerability scan to identify potentially exploitable weaknesses in systems that use the service account.
- D. Check Event Threat Detection in Security Command Center for any related alerts. Cross-reference your findings with Cloud Audit Logs.
Correct answer: D
Explanation
The correct answer is D. Event Threat Detection in Security Command Center can provide immediate alerts about suspicious activity, which is crucial for responding to a potential threat, and option D then cross-references those findings with Cloud Audit Logs. Options A and B also involve reviewing logs, but they do not provide real-time alerts and may not be as effective for an immediate investigation. Option C, while useful, does not directly address the suspicious login attempt.