Data Analysts in your company currently possess the Cloud IAM Owner role, enabling them to interact with various Google Cloud Platform (GCP) products within their assigned projects. Your organization has a policy that mandates the retention of all BigQuery data access logs for a duration of 6 months. To comply with this policy, you need to implement a solution ensuring that access to these data access logs is restricted exclusively to the audit personnel within your company. What steps should you take to achieve this?

Exam-Like

Enable data access logs in each Data Analyst's project. Restrict access to Stackdriver Logging via Cloud IAM roles.

8.9%

Export the data access logs via a project-level export sink to a Cloud Storage bucket in the Data Analysts' projects. Restrict access to the Cloud Storage bucket.

13.3%

Export the data access logs via a project-level export sink to a Cloud Storage bucket in a newly created projects for audit logs. Restrict access to the project with the exported logs.

24.4%

Export the data access logs via an aggregated export sink to a Cloud Storage bucket in a newly created project for audit logs. Restrict access to the project that contains the exported logs.

53.3%

Google Professional Data Engineer

Comments

Get started today