GCP-PSOE
Threat hunting
medium
Question 3 of 35

An alert shows only a suspicious file hash and no direct asset identifier. What is the best next step to identify the affected asset?

AClose the alert as incomplete
BRun a UDM search using the hash to locate the associated asset
CCreate a new reference list from the hash
DWait for Risk Analytics to assign a case owner

More Threat hunting Questions

35 questions

Full Google Professional Security Operations Engineer Practice Test

All topics covered

All Google Professional Security Operations Engineer Questions

Browse by topic

Related Questions

In Google SecOps search, what does the grouped field ip do?...

easy

What is the purpose of watchlists in Google SecOps Risk Analytics?...

easy

An analyst wants to discover which UDM field contains a specific text value before writing a search ...

easy

A SOC wants to prioritize triage by organizational threat rather than by arrival time. Which workflo...

medium

An investigator needs to understand how a high-risk alert spread across related systems and accounts...

medium
View all Threat hunting questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account