Your Google Security Operations (SecOps) instance is generating alerts for unusual login times from multiple user accounts. Your SOC analysts are reporting that a high number of these alerts are false positives involving service accounts used by scheduled automation tasks. You want to refine the detection logic using entity-level context available in Google SecOps. You want to use the most effective approach. What should you do?
Correct Answer: B
The most effective approach is to modify the rule to include the condition principal.user.type != "service_account". This directly uses entity-level context to exclude service accounts from triggering alerts for unusual login times, significantly reducing false positives without complex maintenance or manual list management.
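The following Python script is an added illustration, not part of the original question set and not Google SecOps code: it models the effect of the entity-level filter described above by running an "unusual login time" check over a handful of constructed UDM-shaped events, once without and once with the principal.user.type != "service_account" condition. The event layout (metadata.event_type, metadata.event_timestamp, principal.user.userid, principal.user.type), the 07:00-19:59 UTC "normal hours" window, and the sample users are all assumptions made for the example; in production the same logic would live in a YARA-L rule rather than in Python.

```python
import json
from datetime import datetime

# Constructed sample events in a UDM-like shape (assumption: not real SecOps data).
SAMPLE_EVENTS_JSON = """[
 {"metadata": {"event_type": "USER_LOGIN", "event_timestamp": "2024-05-06T03:12:00Z"},
  "principal": {"user": {"userid": "alice", "type": "user"}}},
 {"metadata": {"event_type": "USER_LOGIN", "event_timestamp": "2024-05-06T02:00:00Z"},
  "principal": {"user": {"userid": "backup-svc", "type": "service_account"}}},
 {"metadata": {"event_type": "USER_LOGIN", "event_timestamp": "2024-05-06T10:30:00Z"},
  "principal": {"user": {"userid": "bob", "type": "user"}}},
 {"metadata": {"event_type": "USER_LOGIN", "event_timestamp": "2024-05-06T23:45:00Z"},
  "principal": {"user": {"userid": "etl-svc", "type": "service_account"}}},
 {"metadata": {"event_type": "USER_LOGIN", "event_timestamp": "2024-05-06T22:05:00Z"},
  "principal": {"user": {"userid": "carol", "type": "user"}}},
 {"metadata": {"event_type": "NETWORK_CONNECTION", "event_timestamp": "2024-05-06T03:00:00Z"},
  "principal": {"user": {"userid": "dave", "type": "user"}}}
]"""

SAMPLE_EVENTS = json.loads(SAMPLE_EVENTS_JSON)

# Assumption for the example: logins between 07:00 and 19:59 UTC are "normal".
NORMAL_HOURS = range(7, 20)


def is_unusual_login_time(event):
    """True when the event's timestamp falls outside the normal-hours window."""
    ts = event["metadata"]["event_timestamp"].replace("Z", "+00:00")
    return datetime.fromisoformat(ts).hour not in NORMAL_HOURS


def is_service_account(event):
    """Entity-level check mirroring principal.user.type == "service_account"."""
    return event["principal"]["user"].get("type") == "service_account"


def detect_unusual_logins(events, exclude_service_accounts=True):
    """Return the userids that would raise an alert.

    With exclude_service_accounts=True the rule behaves like the refined
    detection (principal.user.type != "service_account"); with False it
    behaves like the original noisy rule, so the two can be compared.
    """
    flagged = []
    for ev in events:
        if ev["metadata"]["event_type"] != "USER_LOGIN":
            continue  # only login events are in scope for this rule
        if exclude_service_accounts and is_service_account(ev):
            continue  # scheduled automation: expected to log in at odd hours
        if is_unusual_login_time(ev):
            flagged.append(ev["principal"]["user"]["userid"])
    return flagged


def suppressed_alert_count(events):
    """Number of alerts removed by adding the service-account condition."""
    before = detect_unusual_logins(events, exclude_service_accounts=False)
    after = detect_unusual_logins(events, exclude_service_accounts=True)
    return len(before) - len(after)


if __name__ == "__main__":
    print("without filter:", detect_unusual_logins(SAMPLE_EVENTS, False))
    print("with filter:   ", detect_unusual_logins(SAMPLE_EVENTS, True))
    print("alerts suppressed:", suppressed_alert_count(SAMPLE_EVENTS))
```

Running the script shows the two service-account logins disappearing from the alert list while the human-account logins at 03:12 and 22:05 are still raised, which is the point of using the entity attribute instead of maintaining a hand-curated exclusion list of account names.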