Ultimate access to all questions.
Upgrade Now 🚀
Sign in to unlock AI tutor
You need to investigate a potential security incident where a suspicious login attempt from an unknown IP address tried to impersonate a highly privileged, regularly used service account. What is your immediate course of action?
A
Enable Cloud Audit Logs for the resources that the service account interacts with. Review the logs for further evidence of unauthorized activity.
B
Review Cloud Audit Logs for activity related to the service account. Focus on the time period of the suspicious login attempt.
C
Run a vulnerability scan to identify potentially exploitable weaknesses in systems that use the service account.
D
Check Event Threat Detection in Security Command Center for any related alerts. Cross-reference your findings with Cloud Audit Logs.
