Google Cloud Professional Security Operations Engineer — Question 18

Your organization uses the curated detection rule set in Google Security Operations (SecOps) for high priority network indicators. You are finding a vast number of false positives coming from your on-premises proxy servers. You need to reduce the number of alerts. What should you do?

Answer options

Correct answer: B

Explanation

The correct answer is B. The curated network-indicator rules match on the address that initiated the connection, which is recorded in the UDM field principal.ip. Traffic that leaves the organization through the on-premises proxies carries the proxy's address as principal.ip, so every match looks like it originates from a handful of proxy hosts and generates a large volume of false positives. Configuring a rule exclusion on principal.ip for those proxy addresses suppresses detections from that source while leaving the curated rule active for the rest of the environment; it does not require disabling or editing the curated rule itself. The other options do not address the actual source of the false positives: they target different UDM fields (for example target or hostname fields) that are not what the proxy traffic has in common. One caveat for practice: scope the exclusion to the specific proxy IP addresses only, and make sure the proxy's own access logs are ingested and parsed so that the real client appears as the principal there; otherwise excluding the proxy address removes visibility into everything routed through it.
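The exclusion described above is configured in the Google SecOps rule exclusion settings rather than written as rule text. As an added illustration that is not part of the original question or of Google's curated rules, the YARA-L 2.0 snippet below shows the same scoping applied to a custom rule: the detection keys on the initiating address in principal.ip and drops events whose principal.ip appears in a reference list of proxy addresses. The rule name, the reference list name onprem_proxy_ips, and the indicator list name high_priority_network_ips are assumed names for this example.

```yara
rule network_indicator_excluding_onprem_proxies {
  meta:
    author = "example"
    description = "Added example: match high-priority network indicators but ignore connections whose source is an on-premises proxy"
    severity = "HIGH"

  events:
    // Outbound connection events; the initiating host is recorded in principal.ip
    $conn.metadata.event_type = "NETWORK_CONNECTION"
    $conn.principal.ip = $src_ip

    // Hypothetical reference list holding the high-priority indicator addresses
    $conn.target.ip in %high_priority_network_ips

    // Hypothetical reference list holding the on-premises proxy addresses;
    // the exclusion is scoped to principal.ip so only proxy-originated
    // connections are dropped, not every event involving the proxy
    not $conn.principal.ip in %onprem_proxy_ips

  match:
    $src_ip over 1h

  condition:
    $conn
}
```

The reference list keeps the excluded addresses out of the rule body, so adding or retiring a proxy is a list change rather than a rule edit, which mirrors how a curated rule exclusion is maintained separately from the curated rule.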