When enriching data from a third-party DNS filter for UDM compatibility, which approach aligns with the least effort and maintainability?

Multiple Choice

Explanation:
Focusing on a light-touch, maintainable way to align third-party DNS filter data with the UDM schema means extending the existing parsing layer rather than reworking upstream or adding downstream guesswork. By creating a parser extension that maps the missing source fields to the correct UDM fields and attaching it to the current parser, you keep the change localized where the data actually enters your system. This leverages the established ingestion and validation logic, so you preserve consistent data quality and schema conformity without scattering mapping rules across multiple components.

This approach centralizes the field mappings in one place, making updates straightforward if the DNS filter output changes or UDM requirements evolve. It reduces risk because you’re not altering how data is ingested from upstream (which could affect other data or pipelines) and you’re not introducing a separate path that downstream systems must interpret. It also avoids the overhead of building custom parsing that outputs raw JSON, which would require additional downstream work to rehydrate into UDM, increasing maintenance burden and potential for drift.

In contrast, changing the ingestion source to remap fields directly can create upstream dependencies and broader blast-radius changes; using asset enrichment to infer fields can be unreliable or insufficient for full UDM compatibility; and a separate custom parser emitting raw JSON imposes extra parsing logic downstream and more code to maintain.
