🔥 3-day streak
Professional Security Operations Engineer139 / 241
Question 139 of 241

You are a SecOps engineer triaging a batch of SCC findings surfaced in Google SecOps. One finding is categorized as CRITICAL severity: a Compute Engine instance with a publicly exposed SSH port. However, the finding's attack path and asset context show the instance is in an isolated sandbox project with no service account permissions, no sensitive data, and is scheduled for deletion within 24 hours. Meanwhile, a MEDIUM severity finding flags overly permissive IAM on a service account that has active Editor access to the production data warehouse project. With limited time, how should you prioritize triage of these two findings?

Reviewed for accuracy · Report an issueNext question