Answer-first summary for fast verification
Answer: Create log views for each project team and only show each project team their application logs. Grant the operations team access to the _AllLogs view in the central logging project.
The correct solution involves creating log views for each project team to ensure they can only view their respective logs, and granting the operations team access to the _AllLogs view to view all logs. This approach directly addresses the security team's requirements by segregating log access based on project teams and providing comprehensive access to the operations team. Option A is incorrect because granting access to the _Default view in the central logging project does not restrict teams to only their logs. Option B is incorrect because it suggests restricting access to the _Default log view in their individual Google Cloud projects, which does not align with the centralized logging setup described. Option D is incorrect because exporting logs to BigQuery introduces unnecessary complexity and cost, and does not directly address the requirement for log access segregation within Cloud Logging.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Design a solution where application logs from multiple Google Cloud projects are stored in a central Cloud Logging project, ensuring that each project team can only access their own logs while allowing the operations team to view all logs. The solution must comply with the security team's requirements and minimize costs. What should you do?
A
Grant each project team access to the project _Default view in the central logging project. Grant togging viewer access to the operations team in the central logging project.
B
Create Identity and Access Management (IAM) roles for each project team and restrict access to the _Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.
C
Create log views for each project team and only show each project team their application logs. Grant the operations team access to the _AllLogs view in the central logging project.
D
Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.
No comments yet.