
Answer-first summary for fast verification
Answer: Check Event Threat Detection in Security Command Center for any related alerts. Cross-reference your findings with Cloud Audit Logs.
Option D is the optimal choice because Event Threat Detection (ETD) in Security Command Center (SCC) is specifically designed to automatically detect and alert on suspicious activities like anomalous service account usage or credential compromise in near real-time. Cross-referencing ETD alerts with Cloud Audit Logs provides a comprehensive investigation by confirming the scope and details of the incident. While option B (reviewing Cloud Audit Logs) is partially valid and received some community support (38%), it is less efficient as it requires manual analysis without the automated threat detection that ETD offers. Option A is redundant since Cloud Audit Logs should already be enabled for security monitoring, and option C (vulnerability scanning) is reactive and not directly relevant to investigating an active login attempt. The community consensus strongly favors D (63% support), with detailed reasoning highlighting ETD's effectiveness in detecting such threats.
Author: LeetQuiz Editorial Team
You need to investigate a potential security incident where a suspicious login attempt from an unknown IP address tried to impersonate a highly privileged, regularly used service account. What is your immediate course of action?
A. Enable Cloud Audit Logs for the resources that the service account interacts with. Review the logs for further evidence of unauthorized activity.
B. Review Cloud Audit Logs for activity related to the service account. Focus on the time period of the suspicious login attempt.
C. Run a vulnerability scan to identify potentially exploitable weaknesses in systems that use the service account.
D. Check Event Threat Detection in Security Command Center for any related alerts. Cross-reference your findings with Cloud Audit Logs.