Limited Time Offer
15%
Off
Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
Exam Security-Operations-Engineer Topic 1 Question 39 Discussion
Actual exam question for Google's Security-Operations-Engineer exam
Question #: 39
Topic #: 1
Question #: 39
Topic #: 1
You work for an organization that uses Security Command Center (SCC) with Event Threat Detection (ETD) enabled. You need to enable ETD detections for data exfiltration attempts from designated sensitive Cloud Storage buckets and BigQuery datasets. You want to minimize Cloud Logging costs. What should you do?
Suggested Answer: A Vote an answer
Comprehensive and Detailed 150 to 250 words of Explanation From Exact Extract Google Security Operations Engineer documents:
This question is a balance between enabling detection and managing cost. Event Threat Detection (ETD) identifies threats by analyzing logs, and the specific detection for data exfiltration requires Data Access audit logs.
Data Access audit logs are disabled by default because they are high-volume and can be expensive. The key requirement is to "minimize Cloud Logging costs" while still enabling the detection for specific sensitive resources.
Data exfiltration is a "data read" operation. Therefore, to meet the requirements, the organization only needs to enable "data read" audit logs. Enabling "data write" logs (Option B) is unnecessary for this detection and would add needless cost. Enabling logs for all resources (Option C) would be prohibitively expensive and violates the "minimize cost" constraint. While ETD does use VPC Flow Logs (Option D) for many network- based detections, they do not provide the resource-level detail (i.e., which bucket or dataset was accessed) required for this specific data exfiltration finding. Therefore, enabling "data read" logs only for the sensitive resources is the most precise, cost-effective solution.
(Reference: Google Cloud documentation, "Event Threat Detection overview"; "Enable Event Threat Detection"; "Cloud Logging - Data Access audit logs")
This question is a balance between enabling detection and managing cost. Event Threat Detection (ETD) identifies threats by analyzing logs, and the specific detection for data exfiltration requires Data Access audit logs.
Data Access audit logs are disabled by default because they are high-volume and can be expensive. The key requirement is to "minimize Cloud Logging costs" while still enabling the detection for specific sensitive resources.
Data exfiltration is a "data read" operation. Therefore, to meet the requirements, the organization only needs to enable "data read" audit logs. Enabling "data write" logs (Option B) is unnecessary for this detection and would add needless cost. Enabling logs for all resources (Option C) would be prohibitively expensive and violates the "minimize cost" constraint. While ETD does use VPC Flow Logs (Option D) for many network- based detections, they do not provide the resource-level detail (i.e., which bucket or dataset was accessed) required for this specific data exfiltration finding. Therefore, enabling "data read" logs only for the sensitive resources is the most precise, cost-effective solution.
(Reference: Google Cloud documentation, "Event Threat Detection overview"; "Enable Event Threat Detection"; "Cloud Logging - Data Access audit logs")
by Roxanne at Nov 13, 2025, 09:27 PM
Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
RECENT DISCUSSIONS
- Exam PSM-II Topic 3 Question 115 Discussion
- Exam Marketing-Cloud-Administrator Topic 1 Question 49 Discussion
- Exam AB-730 Topic 2 Question 87 Discussion
- Exam 3V0-22.25 Topic 1 Question 49 Discussion
- Exam 312-85 Topic 7 Question 89 Discussion
- Exam 212-89 Topic 1 Question 11 Discussion
- Exam TDA-C01 Topic 2 Question 103 Discussion
Contact Us
From Monday to Saturday
Support: Contact now
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Copyright © 2026 Actual4test NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy
Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).