🔥 3-day streak
Professional Cloud Security Engineer39 / 152
Question 39 of 152
A security analyst at a financial services company must detect any interactive access to Compute Engine VM serial consoles, because attackers sometimes use them to bypass network-based controls and SSH logging. The organization already exports all audit logs to a central log bucket, but the analyst wants a near-real-time alert whenever serial console access is enabled or used on any VM in the organization. What is the most appropriate way to implement this detection?
Reviewed for accuracy · Report an issueNext question