🔥 3-day streak
Professional Security Operations Engineer35 / 241
Question 35 of 241

During post-incident activities for a resolved credential-phishing case in Google SecOps, your team confirmed the attacker used a specific set of newly registered domains and a phishing kit hash that were NOT detected proactively. Leadership wants to ensure the organization can immediately identify whether these same indicators appeared elsewhere in the environment during the incident window AND be alerted if they recur. Which combination of post-incident actions BEST satisfies both goals?

Reviewed for accuracy · Report an issueNext question