🔥 3-day streak
Professional Security Operations Engineer14 / 241
Question 14 of 241
A security operations team has integrated SCC, Google SecOps, GTI, and Cloud IDS. During a purple-team exercise, the red team exfiltrated data from a Compute Engine VM to an external attacker-controlled host over an encrypted channel on a non-standard port. SecOps received VPC Flow Log telemetry showing the connection, but no alert fired identifying the traffic as malicious, and Cloud IDS produced no signature match. Which conclusion best identifies the coverage gap and the most appropriate remediation?
Reviewed for accuracy · Report an issueNext question