🔥 3-day streak
Professional Security Operations Engineer58 / 241
Question 58 of 241

Your organization runs Google SecOps as the central SIEM. A newly hired detection engineering contractor must author and test new YARA-L rules in a dedicated development environment, but corporate policy forbids the contractor from deploying rules that affect live production alerting or from modifying data retention and forwarding configurations. Full-time staff will review and promote the contractor's rules to production. Which access approach best satisfies least privilege while enabling the contractor to be productive?

Reviewed for accuracy · Report an issueNext question