Explanation:
The correct approach involves creating a new Logs Bucket with a 730-day retention period and setting up a Logs Sink with the _Default Sink's inclusion filter to capture the specified logs. Enabling the Data Read audit log for Compute Engine is also necessary. Other options are incorrect because: the _Required Logs Bucket's retention period cannot be modified; the _Required Logs Sink's filters do not capture the required logs; and the Data Write audit log does not meet the specified criteria. For more details, refer to the documentation on enabling audit logs and Data Access audit logs.
Ultimate access to all questions.
No comments yet.
As a member of the SRE team at your company, you're tasked with meeting a new compliance requirement to retain logs of operations in Compute Engine that involve reading user-provided data in the Production project for two years. Which solution would best achieve this?
A
Enable the Data Write audit logs for Compute Engine API.
B
Create a Logs Bucket with a retention period of 730 days. Create a new Logs Sink with the new Logs Bucket as destination and the inclusion filter of the _Required Sink.
C
Update the retention period of the _Required Logs bucket from 30 days to 730days.
D
Enable the Data Read audit logs for Compute Engine API
E
Create a Logs Bucket with a retention period of 730days. Create a Logs Sink with the new Logs Bucket as destination and the inclusion filter of the _Default Sink.