Answer-first summary for fast verification
Answer: Use Cloud Audit Logs and export them to Cloud Storage. Create a retention policy along with a retention policy lock to prevent early deletion of logs. Define a lifecycle policy to delete the logs after three years.
Cloud Audit Logs are essential for tracking changes to IAM entities, retaining logs for 30 days by default. For extended retention, exporting logs to Cloud Storage is recommended. Implementing a retention policy specifies the duration for log preservation, and a retention policy lock ensures the retention period cannot be altered prematurely. Cloud Logging's retention capabilities are limited to 30 days and do not support retention policies. Cloud Monitoring is designed for metrics collection and visualization, not log storage. Bigtable, optimized for high-volume, low-latency writes and specific query types, is unsuitable for log storage. For more details, visit [Google Cloud's Audit Logging documentation](https://cloud.google.com/logging/docs/audit).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
To adhere to industry regulations, you are required to maintain logs of all modifications made to IAM roles and identities for a duration of 3 years. What is the most effective method to fulfill this requirement?
A
Utilize Cloud Audit Logs and store them in Cloud Monitoring. Set a three-year retention policy in Cloud Logging to ensure logs are automatically deleted after the specified period.
B
Employ Cloud Audit Logs and export them to Bigtable. Implement a retention policy and a retention policy lock to safeguard the logs from premature deletion. Establish a lifecycle policy to remove the logs after three years.
C
Leverage Cloud Audit Logs and retain them within Cloud Logging. Apply a three-year retention policy in Cloud Logging for automatic deletion of logs post the three-year mark.
D
Use Cloud Audit Logs and export them to Cloud Storage. Create a retention policy along with a retention policy lock to prevent early deletion of logs. Define a lifecycle policy to delete the logs after three years.