You are tasked with granting access permissions to an external auditor who needs to perform a review of your Google Cloud Platform (GCP) infrastructure. Specifically, the auditor requires access to two types of logs: the Audit Logs that record administrative activities and the Data Access logs that capture data read/write operations. Which Cloud Identity and Access Management (Cloud IAM) role should you assign to the auditor to enable them to review both of these log types?

Exam-Like

Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.

13.4%

Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.

52.1%

Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.

18.5%

Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.

16.0%

Google Associate Cloud Engineer

Get started today

Comments