Google Professional Cloud Security Engineer
Get started today
Ultimate access to all questions.
You need to investigate a potential security incident where a suspicious login attempt from an unknown IP address tried to impersonate a highly privileged, regularly used service account. What is your immediate course of action?
You need to investigate a potential security incident where a suspicious login attempt from an unknown IP address tried to impersonate a highly privileged, regularly used service account. What is your immediate course of action?
Exam-Like
A
Enable Cloud Audit Logs for the resources that the service account interacts with. Review the logs for further evidence of unauthorized activity.
B
Review Cloud Audit Logs for activity related to the service account. Focus on the time period of the suspicious login attempt.
C
Run a vulnerability scan to identify potentially exploitable weaknesses in systems that use the service account.
Comments
Loading comments...