Which notification method is suitable to detect missing data from forwarders within five minutes?

Multiple Choice

Which notification method is suitable to detect missing data from forwarders within five minutes?

Explanation:
The key idea is to detect when data stops arriving within a short window for each forwarder. A metric-absence alert in Cloud Monitoring fits this need perfectly: it triggers when no samples for a given metric are received over a specified duration, and by filtering for each collector_id you get per-forwarder visibility. Setting the duration to five minutes means you’ll be notified as soon as a forwarder stops sending data for that window, which is exactly the scenario you want to catch.

Why the other approaches aren’t as suitable: using a SIEM dashboard to visualize ingestion metrics doesn’t inherently alert you in real time about gaps, so you’d still rely on manual checks or separate alerting. An alert based on total ingested log count per collector_id can indicate drops, but it’s less precise for detecting a lack of data within a strict five-minute window and can be influenced by delays or batch processing. A Looker dashboard tied to BigQuery is great for analysis, but it isn’t a real-time notification mechanism.
