You notice suspicious login attempts on several user accounts. You need to determine whether these attempts are part of a coordinated attack quickly. What action first?

Prepare for the Google SecOps Professional Engineer Test with our interactive quiz. Utilize flashcards and multiple-choice questions with hints and explanations to boost your readiness and confidence.

Multiple Choice


Explanation:

When suspicious login attempts appear across many accounts, the fastest way to know whether they are part of a coordinated effort is to look for correlations across the impacted users in the Risk Analytics dashboard. The dashboard brings together signals from multiple accounts and surfaces the patterns that tie events together: the same source IPs or address ranges, login attempts clustered in time, geographic clustering, shared device fingerprints, or other links between the accounts. Common threads across several users strongly indicate a coordinated attack, and seeing them early lets you scope the incident and plan a proportional response quickly. Note that a campaign spread across many proxies may show no single shared IP; that is why correlating on address range, timing and device fingerprint as well as on exact IP matters.

Querying historical logs for indicators of compromise can be informative, but it’s more about identifying known fingerprints after the fact and may not reveal how events are connected in real time. Automatically blocking IPs based on curated detections is a preventive guardrail, but it risks disrupting legitimate activity and doesn’t establish whether the events are related. Removing user accounts is a drastic containment step that’s premature without confirming the broader scope and relationships of the activity.

So, examining correlations in the Risk Analytics dashboard gives the clearest, quickest read on whether the activity is connected, guiding appropriate and proportional responses.
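The kind of cross-account correlation the dashboard performs can be reproduced on raw authentication events to see why it distinguishes a campaign from isolated failures. The script below is an added example, not code from the quiz page and not Google SecOps or Risk Analytics code: it runs over a small set of constructed login events (the timestamps, usernames, addresses and user agents are all invented) and reports any source IP, /24 range or user agent from which at least three distinct accounts saw failed logins inside one sliding time window. It goes slightly beyond the explanation by showing a case where per-IP correlation finds nothing but range and user-agent correlation do; geographic clustering is left out because it needs a geolocation source.

```python
"""Correlate failed logins across accounts to test for a coordinated campaign.

Added illustration on constructed data; this is not Google SecOps code and the
Risk Analytics dashboard does this aggregation for you. The logic here is the
same idea: pivot on shared attributes and count distinct victims per window.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample events: (timestamp, user, source IP, user agent, outcome).
# Four accounts are hit from two adjacent addresses with a scripted client in
# under two minutes; erin's failures are an ordinary mistyped password.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "alice", "203.0.113.10", "python-requests/2.31", "FAIL"),
    ("2024-05-01T09:00:12", "bob",   "203.0.113.10", "python-requests/2.31", "FAIL"),
    ("2024-05-01T09:00:40", "carol", "203.0.113.11", "python-requests/2.31", "FAIL"),
    ("2024-05-01T09:01:03", "dave",  "203.0.113.11", "python-requests/2.31", "FAIL"),
    ("2024-05-01T09:01:30", "alice", "203.0.113.10", "python-requests/2.31", "FAIL"),
    ("2024-05-01T08:15:00", "erin",  "198.51.100.7", "Mozilla/5.0",          "FAIL"),
    ("2024-05-01T09:20:00", "erin",  "198.51.100.7", "Mozilla/5.0",          "FAIL"),
    ("2024-05-01T09:21:00", "erin",  "198.51.100.7", "Mozilla/5.0",          "SUCCESS"),
    ("2024-05-01T09:05:00", "frank", "192.0.2.44",   "Mozilla/5.0",          "SUCCESS"),
]


def parse_events(rows):
    """Turn the constructed tuples into dicts with parsed timestamps."""
    return [
        {"ts": datetime.fromisoformat(ts), "user": user, "src_ip": ip,
         "ua": ua, "outcome": outcome}
        for ts, user, ip, ua, outcome in rows
    ]


def correlate(events, key_fn, window, min_users):
    """Group failed logins by key_fn; return {key: sorted users} for every key
    under which at least min_users distinct accounts failed within one window."""
    buckets = defaultdict(list)
    for e in events:
        if e["outcome"] == "FAIL":
            buckets[key_fn(e)].append(e)

    clusters = {}
    for key, evs in buckets.items():
        evs.sort(key=lambda e: e["ts"])
        best = set()
        j = 0
        for i in range(len(evs)):
            # Slide the right edge forward while events stay inside the window.
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            users = {e["user"] for e in evs[i:j]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_users:
            clusters[key] = sorted(best)
    return clusters


def by_ip(e):
    return e["src_ip"]


def by_ip_range(e):
    # Collapse the source address to its /24 so adjacent attacker hosts merge.
    return str(ipaddress.ip_network(f"{e['src_ip']}/24", strict=False))


def by_user_agent(e):
    # User agent stands in for a device fingerprint in this example.
    return e["ua"]


def assess(rows, window_minutes=10, min_users=3):
    """Run the three correlations and return the clusters found per dimension."""
    events = parse_events(rows)
    window = timedelta(minutes=window_minutes)
    return {
        "by_ip": correlate(events, by_ip, window, min_users),
        "by_ip_range": correlate(events, by_ip_range, window, min_users),
        "by_user_agent": correlate(events, by_user_agent, window, min_users),
    }


def is_coordinated(rows, **kwargs):
    """True if any dimension links enough distinct accounts in one window."""
    return any(assess(rows, **kwargs).values())


if __name__ == "__main__":
    for dimension, clusters in assess(SAMPLE_EVENTS).items():
        print(dimension, clusters or "no cluster")
    print("coordinated:", is_coordinated(SAMPLE_EVENTS))
```

On the sample data the per-IP view reports nothing, because each attacker address only touched two accounts, while the /24 range and the shared scripted user agent both tie all four victims together. That is the practical reason to pivot on more than one attribute before deciding the attempts are unrelated, and it is also why the other answer options fall short: an IOC search against historical logs would only match if the address or agent were already known bad, and blocking or disabling accounts would act on the two-victim view without ever establishing the link.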
