Google Cloud Professional Security Operations Engineer — Question 13
You are a security analyst at an organization that uses Google Security Operations (SecOps). You notice suspicious login attempts on several user accounts. You need to determine whether these attempts are part of a coordinated attack as quickly as possible. What action should you take first?
Answer options
- A. Enable default curated detections to automatically block suspicious IP addresses.
- B. Use UDM Search to query historical logs for recent IOCs associated with the suspicious login attempts.
- C. Remove user accounts that have repeated invalid login attempts.
- D. Look for correlations across impacted users in the Risk Analytics dashboard.
Correct answer: D
Explanation
The correct answer is D: looking for correlations across the impacted users in the Risk Analytics dashboard can quickly reveal patterns or connections between the suspicious login attempts on multiple accounts, which would indicate a potential coordinated attack. Options A and C do not provide immediate insight into the nature of the attack, while B focuses on historical data that may not be relevant to the current situation.