You are hunting for lateral movement via RDP. Which approach best informs a UDM-based query for detection?

Multiple Choice

Explanation:
To detect lateral movement via RDP, the strongest signal is the protocol itself. Filtering for events that carry protocol-level attributes indicating an RDP connection lets your UDM-based query pick up the actual RDP sessions across any host, port, or network path. This approach stays reliable even if attackers move RDP off its standard port or otherwise obscure the traffic, because it relies on the protocol signature rather than on port numbers.

Grouping by user and time or correlating by asset classification can add useful context or reveal anomalous patterns, but they don't by themselves identify the RDP activity you're hunting. By focusing on the protocol-level indicators of RDP, you directly capture the relevant events for subsequent analysis and detection.