🔥 3-day streak
Professional Security Operations Engineer48 / 241
Question 48 of 241
A SecOps engineer is designing a detection strategy for compromised GCP identities. The organization uses Security Command Center Premium, Google SecOps SIEM ingesting Cloud Audit Logs, and Cloud IDS. Leadership wants the fastest reliable signal when a service account key is used from an anomalous geographic location to enumerate IAM permissions. Which telemetry source should the engineer prioritize as the primary detection input for this specific behavior, and why?
Reviewed for accuracy · Report an issueNext question