🔥 3-day streak
Professional Cloud Security Engineer115 / 152
Question 115 of 152

Your security operations team uses Security Command Center Premium with Event Threat Detection enabled across the organization. A legacy batch-processing service account regularly triggers 'Persistence: IAM Anomalous Grant' and 'Evasion: Access from Anonymizing Proxy' findings that have been reviewed and confirmed as expected behavior for this specific workload. Analysts are spending significant time re-triaging these recurring findings, but leadership requires that the underlying detections stay active for all other identities and that any future changes to this workload's behavior still generate reviewable records. What should you do?

Reviewed for accuracy · Report an issueNext question