
Answer-first summary for fast verification
Answer: Use the Google Cloud Pub/Sub service to stream logs from Google Cloud Logging to the SIEM tool in real-time.
Correct answer: **C**. Utilizing Google Cloud Pub/Sub for real-time log streaming from Google Cloud Logging to a SIEM tool enables immediate analysis, crucial for timely anomaly and threat detection. This method ensures the SIEM tool accesses the latest data efficiently.

- **A**: Incorrect. Deploying SIEM agents on every VM is impractical and misses logs from non-VM managed services.
- **B**: Incorrect. Periodic manual log exports are inefficient and may delay threat detection.
- **D**: Incorrect. Not all SIEM tools may support built-in integration with Google Cloud Logging, making this approach less universally applicable than Pub/Sub.
Author: LeetQuiz Editorial Team
A DevOps Engineer is analyzing audit and flow logs to identify anomalies and potential security threats within Google Cloud Platform (GCP). They've opted for SIEM tools to assist in this task. What is the most effective method to integrate SIEM tools with GCP for this purpose?
A. Install a SIEM agent on each virtual machine (VM) and configure it to send logs directly to the SIEM tool.
B. Manually export logs from Google Cloud Logging periodically and then import them into the SIEM tool.
C. Use the Google Cloud Pub/Sub service to stream logs from Google Cloud Logging to the SIEM tool in real-time.
D. Rely on the built-in integration between Google Cloud Logging and the SIEM tool to automatically forward logs.