Google Professional Cloud DevOps Engineer
Get started today
Ultimate access to all questions.
As a member of the SRE team at your company, you're tasked with meeting a new compliance requirement to retain logs of operations in Compute Engine that involve reading user-provided data in the Production project for two years. Which solution would best achieve this?
As a member of the SRE team at your company, you're tasked with meeting a new compliance requirement to retain logs of operations in Compute Engine that involve reading user-provided data in the Production project for two years. Which solution would best achieve this?
Explanation:
The correct approach involves creating a new Logs Bucket with a 730-day retention period and setting up a Logs Sink with the _Default Sink's inclusion filter to capture the specified logs. Enabling the Data Read audit log for Compute Engine is also necessary. Other options are incorrect because: the _Required Logs Bucket's retention period cannot be modified; the _Required Logs Sink's filters do not capture the required logs; and the Data Write audit log does not meet the specified criteria. For more details, refer to the documentation on enabling audit logs and Data Access audit logs.